
21 matches found

Cvelist
added 2026/01/18 10:10 p.m. · 17 views

CVE-2026-23525 1panel App Store vulnerable to Cross-site Scripting

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

CVSS 6.4 · EPSS 0.00113
Exploits 0 · References 1
Vulnrichment
added 2026/01/18 10:10 p.m. · 4 views

CVE-2026-23525 1panel App Store vulnerable to Cross-site Scripting

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

CVSS 6.4 · AI score 6 · EPSS 0.00113
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-3245

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.00656
Exploits 1 · References 3
NVD
added 2025/03/27 11:15 a.m. · 4 views

CVE-2025-30818

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mlaza jAlbum Bridge jalbum-bridge allows DOM-Based XSS. This issue affects jAlbum Bridge: from n/a through = 2.0.17...

CVSS 6.5 · EPSS 0.00532
Exploits 0 · References 1
CNNVD
added 2024/06/11 12:0 a.m. · 1 views

WordPress plugin Radcliffe security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...

CVSS 5.3 · AI score 6.8 · EPSS 0.00206
Exploits 0 · References 3
OSV
added 2024/06/09 12:15 p.m. · 1 views

CVE-2024-31243

Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge: from n/a through 2.0.17...

CVSS 7.5 · AI score 7.3 · EPSS 0.0027
Exploits 0 · References 1
CNNVD
added 2024/06/09 12:0 a.m. · 0 views

WordPress plugin Bricksforge security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 7.5 · AI score 6.7 · EPSS 0.0027
Exploits 0 · References 2
CNNVD
added 2024/02/21 12:0 a.m. · 2 views

He3 Security breaches

He3 is a developer toolkit. A security vulnerability exists in He3 version 2.0.17 that originates from allowing remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...

CVSS 9.8 · AI score 7.8 · EPSS 0.02401
Exploits 0 · References 4
Positive Technologies
added 2024/02/21 12:0 a.m. · 3 views

PT-2024-20844 · He3 App · He3 App

Name of the Vulnerable Software and Affected Versions: He3 App for macOS version 2.0.17 Description: An issue in He3 App for macOS allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. Recommendations: For He3 App for macOS version 2.0.17,...

CVSS 9.8 · AI score 7.4 · EPSS 0.02401
Exploits 0 · References 7
Snyk
added 2022/09/29 1:47 p.m. · 1 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the startdocument function in psychemitter.c. Passing in a malicious tags array can trigger a crash. PoC: ruby require 'Psych' $tags = puts "+ Start" f = File.new"newfile", "w+" emitter = Psych::Emitter.new...

CVSS 9.8 · AI score 7 · EPSS 0.13462
Exploits 3 · References 2
Github Security Blog
added 2022/05/14 3:35 a.m. · 21 views

uWSGI Directory Traversal vulnerability

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal...

CVSS 7.5 · AI score 6.6 · EPSS 0.93194
Exploits 5 · References 7 · Affected Software 1
CNVD
added 2020/03/23 12:0 a.m. · 2 views

Simple Machines Forum Code Issue Vulnerability

Simple Machines Forum (SMF) is an open source web forum system by the SMF team in the United States. A code issue vulnerability exists in Simple Machines Forum (SMF) releases prior to version 2.0.17. No details of the vulnerability are available at this time...

CVSS 9.8 · AI score 7.1 · EPSS 0.00656
Exploits 1 · References 1
CNVD
added 2018/02/27 12:0 a.m. · 3 views

uWSGI Directory Traversal Vulnerability

uWSGI is a software application designed to develop a complete stack for building managed services. A directory traversal vulnerability exists in uWSGI prior to 2.0.17. The vulnerability arises because uWSGI fails to properly handle DOCUMENT_ROOT checks during the use of the --php-docroot option,...

CVSS 7.5 · AI score 6.7 · EPSS 0.93194
Exploits 5 · References 1
Prion
added 2018/02/26 10:29 p.m. · 18 views

Directory traversal

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal...

CVSS 5 · AI score 7.5 · EPSS 0.93194
Exploits 5 · References 3 · Affected Software 2
NVD
added 2018/02/26 10:29 p.m. · 13 views

CVE-2018-7490

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal...

CVSS 7.5 · AI score 8 · EPSS 0.93194
Exploits 5 · References 3
PyPA
added 2018/02/26 10:29 p.m. · 4 views

PYSEC-2018-78

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal...

CVSS 7.5 · AI score 6.9 · EPSS 0.93194
Exploits 5 · References 4 · Affected Software 1
OSV
added 2018/02/26 10:29 p.m. · 2 views

ALPINE-CVE-2018-7490

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal...

CVSS 7.5 · AI score 6.9 · EPSS 0.93194
Exploits 5 · References 1
Positive Technologies
added 2018/02/26 12:0 a.m. · 4 views

PT-2018-18100 · Uwsgi +1 · Uwsgi +1

Name of the Vulnerable Software and Affected Versions: uWSGI versions prior to 2.0.17 Description: The issue arises from the mishandling of a DOCUMENT_ROOT check during the use of the --php-docroot option, allowing directory traversal. Recommendations: For versions prior to 2.0.17, update to...

CVSS 9.8 · AI score 8.4 · EPSS 0.93194
Exploits 5 · References 24
Tenable Nessus
added 2013/10/29 12:0 a.m. · 29 views

GLSA-201310-20 : acpid2: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201310-20 acpid2: Privilege escalation acpid2 does not properly use the pidof program in powerbtn.sh. Impact : A local attacker could gain escalated privileges. Workaround : There is no known workaround at this time. %NASLMINLEVEL...

CVSS 4.4 · AI score 5.4 · EPSS 0.00313
Exploits 5 · References 2
OpenVAS
added 2009/11/26 12:0 a.m. · 24 views

phpMyFAQ GET Variable Cross-Site-Scripting Vulnerability

This host is installed with phpMyFAQ and is prone to Cross Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodphpmyfaqgetxssvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ phpMyFAQ GET Variable Cross-Site-Scripting Vulnerability Authors: Nikita MR Copyright: Copyright c 2009 SecPod,...

CVSS 4.3 · AI score 6.2 · EPSS 0.00322
Exploits 0 · References 3