CVE-2025-27852

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages, related to insufficient protection of sensitive data, allows attackers to execute spear-phishing attacks.

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to insufficient protection of sensitive data. Exploiting this vulnerability allows a malicious actor to execute a spear-phishing attack, provided that the user is directed to a specific link and opens ...

CVE-2020-10508

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...

Nextcloud: Circle email-members have still access to a shared folder/file after they are removed from the circle

If a email-address is added to a circle, the email user has still access after the email-address is removed from the circle. Requirements ------- circles app and share by mail app enabled Steps to reproduce ------------- 1. add an email address to a circle 2. share a folder/file with the circle 3...

Look411.com Cross Site Scripting

WhiteHatZone Vulnerable : http://www.look411.com/ Script : alert'XSS found by Girish Shrimali'; Vulnerable link : http://www.look411.com/?p=numbersearch&q=%3Cscript%3Ealert%28%27XSS+found+by+Girish+Shrimali%27%29%3B%3C%2Fscript%3E&country=US Greetz : Vidit Baxi, Sumit Pareek...