50 matches found
EUVD-2026-36539
parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist...
PT-2026-48387
Name of the Vulnerable Software and Affected Versions: Anti-Spam by CleanTalk. Spam protection WordPress plugin versions prior to 6.79. Description: Insufficient sanitization of content within a custom shortcode used in the email-encoding feature allows unauthenticated attackers to perform Stored...
CVE-2026-34692 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
March Microsoft Patch Tuesday
March Microsoft Patch Tuesday. A total of 79 vulnerabilities, about one and a half times more than in February. What's truly unusual is that this time there were no vulnerabilities with signs of exploitation in the wild or a public exploit! 🤔 At least not yet. 😏 The following vulnerabilities can ...
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home mo...
Microsoft Patch Tuesday for March 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for March 2026 which includes 79 vulnerabilities, including three that Microsoft marked as "critical." The remaining vulnerabilities listed are classified as "important." Microsoft assessed that exploitation of the three "critical" vulnerabilitie...
EUVD-2025-208475
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14...
CVE-2025-70025
CVE-2025-70025 concerns benkeen generatedata 4.0.14, with a vulnerability described as CWE-79: Improper Neutralization of Input During Web Page Generation. The connected sources consistently identify benkeen generatedata 4.0.14 as affected. CVSSv3.1 base score is 6.1 (MEDIUM) with network access,...
Ubiquiti UniFi Protect Application Security Vulnerability
Ubiquiti UniFi Protect Application is a security application from Ubiquiti, Inc. A security vulnerability exists in Ubiquiti UniFi Protect Application version 6.1.79 and earlier, which stems from a flaw in the discovery protocol that could lead to unauthorized access...
CVE-2025-55063
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
CVE-2025-55064 Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
CVE-2025-64565 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...
CVE-2025-64543 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...
Lexmark Printers 7PK - Security Features (CVE-2019-10059)
The legacy finger service TCP port 79 is enabled by default on various older Lexmark devices. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Advisory ROSA-SA-2025-3037
Software: postgresql14 14.18 OS: rosa-server79 unaffected versions = postgresql14-14.18-1PGDG.res7 affected versions postgresql14-14.18-1PGDG.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the arrayappend, arrayprepend, and arraysubscripthandler functio...
CVE-2025-54272
CVE-2025-54272 is a stored XSS vulnerability in Adobe Experience Manager (AEM) 11.6 and earlier. The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, with JavaScript potentially executing in a victim’s browser when loading a page containing the affec...
Fedora 41 : gh (2025-24e111e6f1)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-24e111e6f1 advisory. Update to 2.79.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
CVE-2025-55054
CVE-2025-55054 is a CWE-79 Cross-site Scripting flaw: improper neutralization of input during web page generation leads to XSS. Connected data cites Baicells EG7035E-M11 (BaiCE_BM_2.5.26_NA) as affected, indicating a web-facing input handling weakness. The documents do not provide explicit exploi...
CVE-2024-43797
audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries or access only the ones they have permission to. However, the LibraryController is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to...
CVE-2023-22277
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314...