VulnCheck KEV: CVE-2025-30397

Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL...

The vulnerability of the software URL processor for Cisco Webex App allows a perpetrator to execute arbitrary commands.

The vulnerability of the software URL processor for Cisco Webex App relates to the ability to download files from untrusted sources. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands when a user accesses a specially crafted link...

CVE-2024-4696

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited...

CVE-2024-4696

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited...

CVE-2024-4696

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited...

CVE-2024-36222

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...

GHSA-JJ7C-JRV4-C65X plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images

Impact There is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this, by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an...

The vulnerability of the monitoring and security management tool Trend Micro Apex Central lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the monitoring and security management tool Trend Micro Apex Central exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created link...

The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.

The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created link...

Cross site scripting

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in...

CVE-2022-35651

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in contex...

Drupal Core Open Redirect vulnerability

Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions...

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22651)

Six Apart Movable Type MT is a blogging system from Six Apart, Inc. A cross-site scripting vulnerability exists in Six Apart Movable Type, which stems from a lack of validation and escaping of user-supplied data in the search screen, and could be exploited by remote attackers to trick victims int...

CVE-2021-36092

Removed by vendor...

IBM Jazz Foundation 安全漏洞

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technologies. A hijacking vulnerability exists in IBM Jazz Foundation, which allows remote attackers to exploit the vulnerability by submitting a special URI request and tricking the user into parsing it, which...

CVE-2021-1257

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The...

CVE-2020-35725

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-35727

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-35204

Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. NOTE: This vulnerability only affects products that are no longer support...

CVE-2020-35724

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter or indirectly via the cpr, tcp, or abs parameter. NOTE: This vulnerability only affects products that are no...