13 matches found

CVE
added 2 days ago, 6 views

CVE-2026-36180

The CVE describes a lack of runtime integrity in GNCC GP5 v7.1.76 that lets physically proximate attackers bypass read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack. Affected product: GNCC GP5 (version 7.1.76). Root cause: runtime...

5.8 AI score, 0.00017 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/19 9:09 p.m., 5 views

CVE-2026-34241

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a stored cross-site scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized reply content $newmessage is stored directly in database notification payloads and later rendered...

8.7 CVSS, 6 AI score, 0.00037 EPSS
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2026/02/03 11:49 a.m., 2 views

Cross-site Scripting (XSS)

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to cross-site scripting (XSS) via improper sanitization of AI prompt responses. An attacker can execute arbitrary scripts in the context of another user's session by injecting malicious HTML or JavaScrip...

8.5 CVSS, 5.5 AI score, 0.00008 EPSS
Exploits: 0, References: 2
NVD
added 2025/12/09 4:17 p.m., 4 views

CVE-2025-10573

Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required...

9.6 CVSS, 0.00058 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/12/09 12:00 a.m., 2 views

PT-2025-50272

Name of the Vulnerable Software and Affected Versions: MailEnable versions prior to 10.54. Description: MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the WindowContext parameter of the '/Mondo/lang/sys/Forms/MAI/compose.aspx' endpoint. The...

5.3 CVSS, 5.6 AI score, 0.00014 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/10/14 7:42 a.m., 2 views

CVE-2025-10557

A stored cross-site scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session...

8.7 CVSS, 6.5 AI score, 0.00028 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-0439

Malicious code in bioql PyPI...

6.1 CVSS, 6.2 AI score, 0.00384 EPSS
Exploits: 0, References: 5
CVE
added 2025/08/14 4:29 p.m., 25 views

CVE-2025-20239

CVE-2025-20239 describes an unauthenticated, remotely exploitable memory leak/DoS in the IKEv2 processing of Cisco IOS, IOS XE, ASA, and FTD. Exploitation via crafted IKEv2 packets can cause IOS/IOS XE devices to reload; ASA/FTD may partially exhaust memory leading to instability and inability t...

8.6 CVSS, 7.4 AI score, 0.00154 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 8:50 a.m., 6 views

CVE-2024-37763

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting vulnerability that affects users with valid sessions who can view compiled form results...

5.4 CVSS, 6.1 AI score, 0.10123 EPSS
Exploits: 1, References: 1
OSV
added 2023/12/07 6:15 p.m., 1 view

CVE-2023-6333

The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious JavaScript code during a user's session...

5.4 CVSS, 5.9 AI score
Exploits: 0, References: 1
Prion
added 2019/10/01 5:15 p.m., 19 views

Design/Logic Flaw

PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content...

5 CVSS, 7.3 AI score, 0.00368 EPSS
Exploits: 0, References: 5, Affected Software: 2
CVE
added 2019/10/01 4:55 p.m., 218 views

CVE-2019-17068

PuTTY prior to 0.73 mishandled the bracketed paste mode protection, potentially allowing a session to be affected by malicious clipboard content. OpenSUSE/Mageia advisories confirm the fix in version 0.73 and reference CVE-2019-17068 (and related CVE-2019-17069). The issue is addressed by upgradi...

7.5 CVSS, 7.2 AI score, 0.00368 EPSS
Exploits: 0, References: 5, Affected Software: 1
RedHat Linux
added 2019/10/01 11:46 a.m., 1 view

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of headers with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. This can consume excess memory, potentially...

7.5 CVSS, 7.1 AI score, 0.02132 EPSS
Exploits: 0, References: 9