50 matches found

Circl
added 2026/02/18 7:20 a.m., 7 views

CVE-2026-1937

creationtimestamp | type | source
---|---|---
2026-02-18 07:20:58+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mf4k5rfaio2x
2026-02-18 07:30:30+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116090459262209792
2026-02-18 07:30:32+00:00 | seen | ...

CVSS 7.2, AI score 4.8, EPSS 0.00411
Exploits: 1, References: 4

Veracode
added 2025/11/05 8:11 a.m., 5 views

Cross-site Scripting (XSS)

s-cart/core and gp247/core are vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the User-Agent header in the Admin Log Viewer, which allows an attacker to inject malicious scripts that execute in an administrator’s browser when viewing the security log...

CVSS 5.4, AI score 6.7, EPSS 0.00201
Exploits: 0, References: 4, Affected Software: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-9663

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.03245
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-14352

Malware in sbrugna...

CVSS 4, AI score 3.8, EPSS 0.0093
Exploits: 0, References: 4

OSV
added 2025/09/23 6:30 p.m., 5 views

GHSA-46V4-5MC8-Q2CF GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...

CVSS 5.3, AI score 5.3, EPSS 0.00201
Exploits: 0, References: 4

NVD
added 2025/09/23 4:15 p.m., 15 views

CVE-2025-57407

A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...

CVSS 5.4, EPSS 0.00201
Exploits: 0, References: 2

OSV
added 2025/09/23 4:15 p.m., 6 views

CVE-2025-57407

A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...

CVSS 5.4, AI score 5.3
Exploits: 0, References: 2

CVE
added 2025/09/23 12:0 a.m., 19 views

CVE-2025-57407

This CVE affects s-cart components (notably s-cart/core and gp247/core) and the Admin Log Viewer, where a stored XSS flaw allows a remote authenticated attacker to inject arbitrary script via a crafted User-Agent header. The vulnerability arises from improper handling/sanitization of User-Agent d...

CVSS 5.4, AI score 4.9, EPSS 0.00201
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2025/06/10 12:0 a.m., 3 views

Microsoft Windows Local Security Authority Subsystem Service resource management error vulnerability

The Microsoft Windows Local Security Authority Subsystem Service is an internal program of Microsoft Corporation (USA) that enforces Windows system security policies. It verifies user identity, manages user password changes, and generates access tokens when a user logs on to a computer standalone o...

CVSS 7.5, AI score 6.5, EPSS 0.01549
Exploits: 0, References: 1

Circl
added 2025/05/12 3:30 a.m., 36 views

CVE-2025-4553

creationtimestamp | type | source
---|---|---
2025-05-12 03:30:48+00:00 | published-proof-of-concept | Telegram/uE9n1u9a9if1NvQFWLw0wRNMutCfzKYCXy9qgufB4ZCJSI
2025-05-12 04:24:23+00:00 | seen | https://t.me/cvedetector/25059
2025-05-12 04:42:09+00:00 | seen | ...

CVSS 9.8, AI score 7.3, EPSS 0.00415
Exploits: 1, References: 2

Circl
added 2025/04/27 1:8 a.m., 24 views

CVE-2025-46672

creationtimestamp | type | source
---|---|---
2025-04-27 01:08:31+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13592
2025-04-27 01:48:41+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114407408963291150
2025-04-27 03:35:24+00:00 | seen | ...

CVSS 8.8, AI score 4.8, EPSS 0.00417
Exploits: 1, References: 5

Circl
added 2025/03/11 4:39 p.m., 13 views

CVE-2025-24076

creationtimestamp | type | source
---|---|---
2025-03-11 16:39:36+00:00 | seen | https://www.thezdi.com/blog/2025/3/11/the-march-2025-security-update-review
2025-03-31 02:31:04+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9584
2025-04-15 09:00:16+00:00 | seen | ...

CVSS 7.3, AI score 7.4, EPSS 0.03035
Exploits: 3, References: 14

OSV
added 2024/11/27 9:43 p.m., 18 views

GHSA-JWCM-9G39-PMCW Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

Summary: A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. Details: This vulnerability stems from several gh commands used to clone a repository with...

CVSS 6.5, AI score 6.9, EPSS 0.00281
Exploits: 0, References: 4

Github Security Blog
added 2024/11/27 9:43 p.m., 25 views

`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

Summary: A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. Details: go-gh sources authentication tokens from different environment variables depending on the host involved: - GITHUB_TOKEN...

CVSS 7.5, AI score 7.3, EPSS 0.00534
Exploits: 0, References: 9, Affected Software: 2

wpexploit
added 2024/05/31 12:0 a.m., 147 views

WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS

Description: The plugin does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting. 1. On the login page, enter any username and for the password enter alert1 2. As an admin, view the logs at:...

AI score 6.2, EPSS 0.00307
Exploits: 2

Citrix
added 2023/10/13 12:0 a.m., 11 views

"You must enter valid credentials" error occurs when some users log on to Director Web

Some domain admin users fail to log on to the Director Web page. The "You must enter valid credentials" error occurs when some admin users log on to Director Web. The username and password are correct, since the same users can log on via the Director server VM console. An Event ID 7 warning is shown in the Director Server Application even...

AI score 7
Exploits: 0

Vulnrichment
added 2023/04/11 7:13 p.m., 18 views

CVE-2023-28266 Windows Common Log File System Driver Information Disclosure Vulnerability

...

CVSS 5.5, AI score 5.5, EPSS 0.04361
Exploits: 0, References: 1

OSV
added 2023/01/20 7:15 p.m., 2 views

CVE-2021-39011

IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645...

CVSS 4.9, AI score 5.8, EPSS 0.00585
Exploits: 0, References: 2

BDU FSTEC
added 2022/06/29 12:0 a.m., 5 views

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional monitoring devices, related to deficiencies in authentication procedures, allows attackers to delete security log files.

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multi-functional measuring devices is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to remotely delete security log files...

CVSS 5.3, AI score 6.6, EPSS 0.00931
Exploits: 0, References: 5, Affected Software: 2

CNNVD
added 2022/01/11 12:0 a.m., 5 views

Microsoft Windows Local Security Authority Subsystem Service buffer error vulnerability

The Microsoft Windows Local Security Authority Subsystem Service is an internal Microsoft program that enforces Windows system security policies. It authenticates users when they log on to a computer (standalone or server), manages user password changes, and generates access tokens. It also leaves...

CVSS 7.8, AI score 7.8, EPSS 0.00669
Exploits: 0, References: 5