GHSA-85M8-G393-JCXF CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS
Summary. Vulnerability: Stored DOM Blind XSS via Backup Management Filename. Persistent Payload Injection: Stored Cross-Site Scripting (Blind XSS) via Unsanitized Backup Filename in Backup Management. Description: The application fails to properly sanitize user-controlled input when handling backup...
Altium 365 security vulnerabilities
Altium 365 is a product design and development platform provided by the American company Altium. There is a security vulnerability in Altium 365, which stems from the lack of server-side input validation in the AddComment endpoint. This vulnerability may lead to storage-based cross-site scripting...
EUVD-2024-38585
Malicious code in bioql PyPI...
EUVD-2024-38586
Malicious code in bioql PyPI...
EUVD-2025-11136
Malicious code in bioql PyPI...
EUVD-2024-38587
Malicious code in bioql PyPI...
CVE-2023-6835
Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated...
CVE-2024-31485
A vulnerability has been identified in CPCI85 Central Processing/Communication (all versions V5.30) and SICORE Base system (all versions V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server-side input sanitation. This could allow an authenticated...
Eaton Foreseer EPMS Security Vulnerability
Eaton Foreseer EPMS is a highly customizable web-based software platform from Eaton Corporation. A security vulnerability exists in Eaton Foreseer EPMS versions prior to 7.8.600, which stems from improper server-side input cleanup, leading to the injection and execution of malicious scripts...
CVE-2024-40722
CVE-2024-40722 affects the TCBServiSign Windows Version from CHANGING Information Technology. The vulnerability is caused by an API that does not properly validate the length of server-side input, enabling unauthenticated remote attackers to trigger a stack-based buffer overflow when a user visit...
CVE-2024-40721
The CVE-2024-40721 entry concerns an improper server-side input validation in the API of the TCBServiSign Windows Version from CHANGING Information Technology. The flaw allows unauthenticated remote attackers to trigger loading a DLL from an arbitrary path when a user visits a spoofed website, i...
CVE-2024-40720
The CVE-2024-40720 entry concerns CHANGING Information Technology’s TCBServiSign Windows Version. A specific API fails to properly validate server-side input, enabling unauthenticated, remote attackers to modify the HKEY_CURRENT_USER registry when a user visits a spoofed website and execute arbit...
CVE-2024-0396 Missing Server-Side Input Validation in HTTP Parameter
In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational...
Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60608)
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A command injection vulnerability exists in the Siemens RUGGEDCOM ROX, which stems from a lack of server-side input validation, making the uninstall-ap...
Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60606)
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A command injection vulnerability exists in the Siemens RUGGEDCOM ROX, which stems from a lack of server-side input validation, making the SCEP CA...
Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60611)
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A command injection vulnerability exists in the Siemens RUGGEDCOM ROX, which stems from a lack of server-side input validation, making the Software...
RCE in developer mode
Description: Nuxt contains a test-component-wrapper component. This is used to mount a single component for testing. This component has a dynamic import function which accepts arbitrary user input on the server side. This pattern will almost always lead to an RCE bug. Requirements & Notes: The serv...