19 matches found
EUVD-2026-18082
CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...
CVE-2020-7909
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI...
PT-2025-47899
Cross-Site Scripting (XSS) vulnerability stored in the Taclia web application, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files such as profile images, which are then stored on the server and executed in the context of an...
EUVD-2025-27974
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-2304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily...
CVE-2025-53305 WordPress WP Forum Server plugin <= 1.8.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in lucidcrew WP Forum Server (forum-server) allows Stored XSS. This issue affects WP Forum Server: from n/a through <= 1.8.2...
CVE-2024-51948
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51953 Stored XSS in ArcGIS Server Rest services
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51953 Stored XSS in ArcGIS Server Rest services
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2025-27418 WeGIA contains a Stored Cross-Site Scripting (XSS) in 'adicionar_tipo_atendido.php' via the 'tipo' parameter
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_tipo_atendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into t...
Nextcloud Information Disclosure Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. Nextcloud suffers from an information disclosure vulnerability that stems from the fact that after storing "global credentials" on the server, the API returns...
Denial Of Service (DoS)
rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Stored Procedure component in the library, allowing an attacker to cause an application crash through multiple protocols...
Denial Of Service (DoS)
rh-mysql80-mysql is vulnerable to denial of service. An attacker can crash the application via the Server: Stored Procedure component...
UBUNTU-CVE-2021-2215
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
MariaDB 10.3.0 < 10.3.23 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.3.23. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.3.23 advisory. - libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from...
MariaDB 10.4.0 < 10.4.13 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.4.13. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.4.13 advisory. - libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from...
CVE-2020-7909
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI...
Analysis of the cookie spoofing implementation process and its specific application - vulnerability warning - the black bar safety net
As we know, in networking terms a cookie is a special piece of information. Although it is only a text file that the server stores on the user's computer, its contents are unusual: it interacts with the server and often stores the user name and even the password, or other sensitive...
CVE-2002-1145
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owne...