44 matches found

Veracode
added 2026/04/17 9:26 a.m. | 2 views

Path Traversal

Hono is vulnerable to Path Traversal. The vulnerability is due to a path traversal issue in toSSG, where specially crafted values can cause generated file paths to escape the intended output directory, and attackers who can influence values passed to ssgParams during the build process may be able...

7.5 CVSS | 5.7 AI score | 0.00017 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/04/11 1:21 a.m. | 1 view

CVE-2026-39408

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...

7.5 CVSS | 5.6 AI score | 0.00017 EPSS
Exploits: 1 | References: 1

NVD
added 2026/04/08 3:16 p.m. | 0 views

CVE-2026-39408

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...

7.5 CVSS | 0.00017 EPSS
Exploits: 1 | References: 3

Sick AG
added 2025/10/02 1:0 p.m. | 18 views

Vulnerabilities affecting Endress+Hauser SSG-E210GC

Several vulnerabilities in the Endress+Hauser SSG-E210GC product were discovered. The advisory includes a total of 23 vulnerabilities, of which 14 are confirmed as affected and 9 as known not affected...

9.8 CVSS | 7.5 AI score | 0.94395 EPSS
Exploits: 61

Rockylinux
added 2023/03/02 1:18 a.m. | 14 views

scap-security-guide bug fix and enhancement update

An update is available for scap-security-guide. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The scap-security-guide project provides a guide for configuratio...

0.9 AI score
Exploits: 0

Rockylinux
added 2023/02/22 1:8 a.m. | 12 views

scap-security-guide bug fix and enhancement update

An update is available for scap-security-guide. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The scap-security-guide project provides a guide for configuratio...

0.4 AI score
Exploits: 0

Tenable Nessus
added 2023/02/16 12:0 a.m. | 28 views

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0212)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0212 advisory. - In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway SSG...

5.4 CVSS | 5.1 AI score | 0.00108 EPSS
Exploits: 0 | References: 2

CVE
added 2023/02/14 5:22 p.m. | 157 views

CVE-2023-22942

In Splunk Enterprise, a cross-site request forgery vulnerability affects the Splunk Secure Gateway (SSG) app via the kvstore_client REST endpoint. Affected versions are below 8.1.13, 8.2.10, and 9.0.4. The issue, described across multiple sources, allows an attacker to update SSG KV store collect...

5.4 CVSS | 4.7 AI score | 0.00108 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/02/14 5:22 p.m. | 13 views

CVE-2023-22942 Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request...

5.4 CVSS | 5.7 AI score | 0.00108 EPSS
Exploits: 0 | References: 2

AlmaLinux
added 2021/11/02 10:34 a.m. | 13 views

openscap bug fix and enhancement update

The OpenSCAP suite enables integration of the Security Content Automation Protocol (SCAP) line of standards. The openscap packages provide the OpenSCAP library and the oscap utility that provides various SCAP capabilities. Bug Fixes and Enhancements: Error when scanning DISA-STIG OpenSCAP profile o...

7.1 AI score
Exploits: 0

OSV
added 2021/11/02 10:34 a.m. | 3 views

ALBA-2021:4099 openscap bug fix and enhancement update

The OpenSCAP suite enables integration of the Security Content Automation Protocol (SCAP) line of standards. The openscap packages provide the OpenSCAP library and the oscap utility that provides various SCAP capabilities. Bug Fixes and Enhancements: Error when scanning DISA-STIG OpenSCAP profile o...

7.2 AI score
Exploits: 0

Openbugbounty
added 2020/11/09 8:6 a.m. | 4 views

ssg.co.uk Cross Site Scripting vulnerability OBB-1495749

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0

Openbugbounty
added 2018/06/27 5:47 p.m. | 7 views

ssg-dynamit.de XSS vulnerability

Open Bug Bounty ID: OBB-637624

Description | Value
---|---
Affected Website: | ssg-dynamit.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Other
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Openbugbounty
added 2018/04/14 1:14 p.m. | 8 views

ssg-stormvogel.de XSS vulnerability

Open Bug Bounty ID: OBB-601854

Description | Value
---|---
Affected Website: | ssg-stormvogel.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Openbugbounty
added 2018/01/29 2:31 p.m. | 11 views

shinsegaemall.ssg.com XSS vulnerability

Open Bug Bounty ID: OBB-549293

Description | Value
---|---
Affected Website: | shinsegaemall.ssg.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits: 0

Tenable Nessus
added 2018/01/08 12:0 a.m. | 231 views

Juniper ScreenOS 6.3 SSG-5 and SSG-20 (KRACK)

The version of Juniper ScreenOS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper's products do not support Fast BSS Transition...

8.1 CVSS | 7.3 AI score | 0.01707 EPSS
Exploits: 1 | References: 6

CNVD
added 2017/07/20 12:0 a.m. | 2 views

Juniper SSG Series device ScreenOS cross-site scripting vulnerability (CNVD-2017-23955)

The Juniper SSG Series is a family of firewall appliances from Juniper Networks. ScreenOS is one of the operating systems. A cross-site scripting vulnerability exists in Firewall+VPN in ScreenOS on Juniper SSG Series devices. A remote attacker can exploit this vulnerability to inject HTML/JavaScri...

9.6 CVSS | 7.4 AI score | 0.00327 EPSS
Exploits: 0 | References: 1

OSV
added 2017/07/17 1:18 p.m. | 4 views

CVE-2017-2338

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...

5.4 CVSS | 5.4 AI score
Exploits: 0 | References: 3

NVD
added 2017/07/17 1:18 p.m. | 12 views

CVE-2017-2337

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...

8.4 CVSS | 6.7 AI score | 0.00208 EPSS
Exploits: 0 | References: 3

OSV
added 2017/07/17 1:18 p.m. | 2 views

CVE-2017-2339

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...

5.4 CVSS | 5.4 AI score | 0.00208 EPSS
Exploits: 0 | References: 3