CVE-2026-32424
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS. This issue affects Sprout Clients: from n/a through = 3.2.2...
Subrion CMS 3.2.2 Cross Site Scripting
A cross site scripting vulnerability exists in Subrion CMS version 3.2.2. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
CVE-2025-68570
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection. This issue affects Captivate Sync: from n/a through = 3.2.2...
CVE-2025-64167
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack leading to JS execution when editing the URL parameter. Versions 2.7.13 and 3.2.2 don't use export.php, which was deprecated. They use export-v2.php instead...
CVE-2025-48065 Combodo iTop vulnerable to reflected XSS via objection edition form error
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
CVE-2025-47773
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
CVE-2025-47286 Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality
Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on i...
PT-2025-46185
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.13 and 3.2.2. Description: Combodo iTop, a web-based IT service management tool, is susceptible to a cross-site scripting issue when a dashboard is rendered via an AJAX call. The issue occurs when rendering a...
Important: pcs
Issue Overview: Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid...
CVE-2022-32259
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with...
CVE-2025-32218
Missing Authorization vulnerability in RealMag777 TableOn posts-table-filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn: from n/a through = 1.0.5.1...
CVE-2022-23221
creationtimestamp | type | source
---|---|---
2024-02-09 02:16:41+00:00 | seen | https://t.me/ctinow/181760...
CVE-2022-46361
An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to...
GHSA-3PGJ-PG6C-R5P7 OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI
Impact
- Attacker providing malicious redirect uri can cause DoS to oauthlib's web application.
- Attacker can also leverage usage of urivalidate functions depending where it is used.
What kind of vulnerability is it? Who is impacted? Oauthlib applications using OAuth2.0 provider support or use...
Northern.tech Mender Enterprise Cross-Site Request Forgery Vulnerability
Northern.tech Mender Enterprise is a wireless update manager for IoT devices from Northern.tech. A security vulnerability exists in Northern.tech Mender Enterprise prior to version 3.2.2, which stems from a cross-domain websocket hijacking allowed via the Deviceconnect microservice from 1.3.0...
PYSEC-2021-439
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...
DEBIAN-CVE-2021-31826
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable for a daemon crash on systems not using this feature if a crafted cookie is supplied...
DEBIAN-CVE-2020-7774
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution...
VMware AirWatch Launcher for Android UI Elevation of Privilege Vulnerability
VMware AirWatch is a suite of enterprise mobility management solutions from VMware, Inc., and VMware AirWatch Launcher for Android is one of its launchers for the Android platform. A privilege escalation vulnerability exists in versions of VMware AirWatch Launcher for Android prior to 3.2.2. ...