8005 matches found
CVE-2025-67849
A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...
CVE-2025-67849 Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses
A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...
EUVD-2025-206737
A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...
PT-2026-5896
Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Management - Global Configuration Management versions 7.0.3 through 7.0.3 Interim Fix 017 IBM Engineering Lifecycle Management - Global Configuration Management versions 7.1.0 through 7.1.0 Interim Fix 004 Description...
Fedora 42 : openttd (2026-216041a3e7)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-216041a3e7 advisory. 15.x 15.1 2026-01-24 - Fix 15088: When building a new train, the refit button state may be incorrect 15162 - Fix 15160: Incorrect company names displayed in...
GHSA-G8P2-7WF7-98MQ OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
Summary The Control UI trusts gatewayUrl from the query string without validation and auto-connects on load, sending the stored gateway token in the WebSocket connect payload. Clicking a crafted link or visiting a malicious site can send the token to an attacker-controlled server. The attacker ca...
CVE-2025-36436
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...
CVE-2025-36436
CVE-2025-36436 affects IBM Cloud Pak for Business Automation (CPBA). The vulnerability is a stored cross-site scripting (XSS) flaw in the Web UI that can be triggered by an authenticated user, potentially allowing arbitrary JavaScript execution and credential disclosure within a trusted session. ...
CVE-2025-36436 Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...
GO-2026-4351 Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims in github.com/controlplaneio-fluxcd/flux-operator
Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims in github.com/controlplaneio-fluxcd/flux-operator...
WordPress Easy WP SMTP by SendLayer plugin <= 2.3.0 - Exposure of Sensitive Information via the UI vulnerability
Exposure of Sensitive Information via the UI vulnerability discovered by Finsand in WordPress Plugin Easy WP SMTP versions = 2.3.0...
CVE-2025-9974
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitra...
CVE-2025-9974
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitra...
CVE-2025-9974 Insufficient Input Validation on WEBUI in Nokia ONT/Beacon product
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitra...
EUVD-2025-206613
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitra...
CVE-2025-9974
The CVE-2025-9974 entry concerns the unified WEBUI of Nokia ONT/Beacon devices. The issue is an input handling flaw in the WEBUI that, due to insufficient validation of user-supplied data, allows authenticated users with low privileges to trigger system-level command execution on the underlying O...
Nokia ONT 安全漏洞
Nokia ONT is a fiber-optic network terminal device developed by Finnish company Nokia. Nokia ONT has a security vulnerability, which stems from defects in its unified WEBUI application programming. This vulnerability may allow low-privilege users who are authenticated to execute arbitrary...
PT-2026-5701
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...
PT-2026-5645
Name of the Vulnerable Software and Affected Versions ONT/Beacon devices affected versions not specified Description The unified WEBUI application contains a flaw in how it handles user input. This allows authenticated users to potentially execute commands on the underlying operating system...
capstone-poc
Capstone Proof of Concept 1. Create the UI using the run fu...