325 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-13976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentiall...
Linux Distros Unpatched Vulnerability : CVE-2026-52938
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix NULL pointer dereference in bpfskstorageclone and diag paths bpfselemunlinknofail sets SDATAselem-smap to NULL before removing the selem from the stora...
SolidInvoice 跨站脚本漏洞
SolidInvoice is an open-source invoice processing application developed by SolidInvoice. Versions of SolidInvoice prior to 2.3.17 contained a cross-site scripting vulnerability. This vulnerability stemmed from the company logo upload feature not verifying file types. As a result, authenticated...
QloApps 跨站脚本漏洞
QloApps is an open-source hotel management and reservation system developed by QloApps. Versions of QloApps 1.7.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting vulnerability in the administrator’s file manager. It...
CVE-2025-67448
The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the...
HAX 安全漏洞
HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX 26.0.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /system/api/saveNode endpoint, which had a storage-oriented cross-site scripting vulnerability. Users with edit...
LinkAce 跨站脚本漏洞
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting flaw. Low-privilege users could se...
WordPress plugin Events In City 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. In...
EUVD-2021-8780
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...
PT-2026-42758
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 4.6.3 Description An insecure storage of sensitive information allows an unauthenticated attacker with local access to potentially gain unauthorized access to sensitive data. Recommendations Update to a...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The use of after-free in Storage in Google Chrome before version 141.0.7390.65 allowed a remote attacker to execute arbitrary code through a crafted video file. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Before version 105.0.5195.125, writing out of bounds in Storage using Google Chrome allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...
Nozomi Networks Guardian和Nozomi Networks CMC 跨站脚本漏洞
Nozomi Networks Guardian and Nozomi Networks CMC are both products of the American company Nozomi Networks. Nozomi Networks Guardian is an IoT device and software inspection system. Nozomi Networks CMC is an application software that provides centralized OT and IoT security management. Both Nozom...
The vulnerability of the software for storing and analyzing distributed tracebacks of Grafana Tempo, related to the storage of information in an open manner, allows a perpetrator to gain unauthorized access to the protected information.
The vulnerability of the software for storing and analyzing distributed tracebacks of Grafana Tempo involves the storage of information in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Stored-XSS-Vulnerability-Lab-Detection-Mitigation-
Stored Cross-Site Scripting XSS Vulnerability Report Exe...
WeGIA 跨站脚本漏洞
WeGIA is a web manager for welfare institutions developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Description field in the funcionario/profilefuncionario.php endpoint not being cleaned properly, which...
Incus Vulnerable to Panic via Snapshot Bounds Check
Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The backup restore...
Notesnook 跨站脚本漏洞
Notesnook is an end-to-end encrypted note application developed by Streetwriters. Versions of Notesnook for Web/Desktop prior to 3.3.15, as well as versions for iOS/Android prior to 3.3.20, had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of HTML escaping for...