8006 matches found
CVE-2025-53679
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1,...
EUVD-2025-202237
User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-41692
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...
CVE-2025-41692 Weak/Predictable root Password
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...
CVE-2025-42873 Denial of Service (DoS) in SAPUI5 framework (Markdown-it component)
SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...
NiceGUI Cross-Site Scripting Vulnerability
NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. A cross-site scripting vulnerability exists in NiceGUI 3.3.1 and earlier versions, which stems from insufficient sanitization and escaping in the ui.add_css, ui.add_scss, and ui.add_sass functions, and could lead to a reflectiv...
KLA90811 Multiple vulnerabilities in Microsoft Product (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, spoof user interface, obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a...
SAP SAPUI5 Security Vulnerability
SAP SAPUI5 is a JavaScript application framework from SAP, a German company. A security vulnerability exists in SAP SAPUI5 that stems from the use of outdated third-party libraries resulting in an infinite loop, which could result in a denial-of-service attack...
PT-2025-50199
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified). Description: A flaw in Microsoft Exchange Server’s user interface (UI) can lead to the misrepresentation of critical information. This allows an unauthorized attacker to perform spoofing...
KLA90818 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Memory safety...
Server-side Request Forgery (SSRF)
Overview: github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the x-zitadel-forward-host header handling in the login UI. An attacker can access internal resources and...
EUVD-2025-201809
Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input...
CVE-2025-65230
Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input...
CVE-2025-65231
Barix Instreamer v04.06 and earlier is vulnerable to Cross-Site Scripting (XSS) in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field, which is stored and later rendered on the Status page...
CVE-2025-13637
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. Chromium security severity: Low...
CVE-2025-65230
CVE-2025-65230 affects Barix Instreamer v04.06 and v04.05. The vulnerability is a stored cross-site scripting (XSS) flaw in the Web UI Configuration Streaming Destination input. According to the provided metrics, the CVSSv3.1 base score is 5.4 (Medium), with attack vector Network, attack complexi...