8 matches found
EUVD-2026-4337
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS. This issue affects Stylish Cost Calculator: from n/a through = 8.1.8...
Incorrect Default Permissions
Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions in the process that handles file uploads and database creation. An attacker can gain unauthorized access to sensitive files by leveraging default file permissions that allow any operating system account to...
CVE-2022-33708
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege...
CVE-2023-37535
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allows script injection through query parameters...
CVE-2023-37482
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...
CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
CVE-2022-33751
creationtimestamp | type | source
---|---|---
2022-06-17 02:22:17+00:00 | seen | https://t.me/cibsecurity/44711...
CVE-2022-33739
creationtimestamp | type | source
---|---|---
2022-06-17 02:21:55+00:00 | seen | https://t.me/cibsecurity/44697...