8005 matches found
CVE-2026-1966
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
CVE-2025-36033
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
Microsoft Edge for Android 安全漏洞
Microsoft Edge for Android is a browser in the Android operating system developed by the American company Microsoft. There is a security vulnerability in Microsoft Edge for Android, which stems from improper presentation of key user interface information. This vulnerability may allow unauthorized...
PT-2026-6635
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based for Android affected versions not specified Description A flaw in Microsoft Edge for Android allows an attacker to conduct spoofing attacks over a network by misrepresenting critical information in the user...
CVE-2023-38017
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2023-38017
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2023-38017 Multiple Vulnerabilities in IBM Cloud Pak System
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
EUVD-2023-41844
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2023-38017
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2026-25054
CVE-2026-25054 affects n8n, an open source workflow automation platform. The vulnerability is a stored Cross-site Scripting (XSS) in the markdown rendering component used in the UI (including workflow sticky notes and other markdown areas). An authenticated user with permission to create/modify w...
IBM Cloud Pak System 安全漏洞
IBM Cloud Pak System is a fully configurable and pre-integrated software-based full-stack, integrated infrastructure provided by IBM. This product supports deployment across hybrid cloud environments, as well as management and mobile application scenarios. There is a security vulnerability in IBM...
CVE-2025-36033
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
CVE-2025-36033
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
CVE-2025-36033
CVE-2025-36033 affects IBM Engineering Lifecycle Management - Global Configuration Management (Jazz Foundation) versions 7.0.3 with iFix017 and 7.1.0 with iFix004. The issue is a cross-site scripting vulnerability that allows an authenticated user to inject JavaScript into the Web UI, potentially...
CVE-2025-36033 IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
CVE-2025-36033
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
CVE-2025-36033 IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
Moodle Cross-site Scripting (XSS) vulnerability
A flaw was found in Moodle. This Cross-site Scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...