8 matches found
EUVD-2026-34982
A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...
CVE-2026-6493 lukevella rallly Reset Password reset-password-form.tsx cross site scripting
A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...
Emby Server < 4.8.1.0 XSS Vulnerability
Emby Server is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-58065
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...
CVE-2022-4521
A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...
PT-2022-6908 · Atlassian · Crucible +1
Name of the Vulnerable Software and Affected Versions: Fisheye and Crucible versions prior to 4.8.9 Description: The issue is related to insufficient protection of service data in Fisheye and Crucible, allowing a remote attacker to gain unauthorized access to protected information. The...
PT-2020-10162 · Wowza · Wowza Streaming Engine
Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.8.5 Description: The issue allows an authenticated user with access to proxy license editing to insert a malicious payload that will be triggered in the main page of server settings. This is a case o...
PT-2008-3624 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 4.4.7 PHP versions 5.x through 5.2.4 Description: The issue arises from the GENERATE SEED macro, which, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion...