20 matches found
CVE-2026-26002
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
CVE-2026-1446 XSS issue is Esri ArcGIS Pro versions 3.6.0 and earlier
There is a Cross‑Site Scripting XSS issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
EUVD-2026-1405
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2...
ChurchCRM 跨站脚本漏洞
ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and coding when storing user-entered HTML/JS, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted...
LibreNMS 跨站脚本漏洞
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS versions prior to 25.11.0, which...
CVE-2016-15049
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting XSS in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...
Fides 安全漏洞
Fides is an open source privacy engineering platform open-sourced by Ethyca to manage the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.69.1 that stems from a...
JVN#46919949: PgManage vulnerable to injection
PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Impact A user of the affected product may escape a sandbox and execute arbitrary code. Solution...
PT-2025-7076
Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.16.0 Description: Label Studio's S3 storage integration feature contains a Server-Side Request Forgery SSRF vulnerability in its endpoint configuration. When creating an S3 storage connection, the application...
WordPress plugin jQuery TwentyTwenty 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Ivanti Connect Secure Security Vulnerability
Ivanti Connect Secure is a secure remote network connection tool from Ivanti Corporation, USA. A security vulnerability exists in versions prior to Ivanti Connect Secure 22.6R2 that stems from the presence of a Denial of Service DoS vulnerability...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CodeIgniter Shield Security Vulnerabilities
CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. A security vulnerability exists in CodeIgniter Shield versions prior to 1.0.0-beta.8 that stems from the use of plaintext to store sensitive information in HMAC SHA256 authentication...
Intel Driver and Support Assistant Cross-Site Scripting Vulnerability
Intel Driver and Support Assistant is an Intel Driver and Support Assistant application from Intel Corporation USA. The program is mainly used to detect and install system driver updates. A security vulnerability exists in Intel Driver and Support Assistant versions prior to 23.1.9. An attacker c...
M-Files Hubshare 授权问题漏洞
M-Files Hubshare is a collaboration solution from M-Files, Inc. designed to seamlessly share files, documents and collaborative content. A security vulnerability exists in versions of M-Files Hubshare prior to 3.3.11.3, which stems from imperfect access control of its PDFtron data allowing an...
Singularity Image Format 安全特征问题漏洞
Singularity is an open source container management platform from the Singularity team Singularity. The software supports building applications on their desktops and running hundreds or thousands of instances on any public cloud or at the compute edge. A security vulnerability exists in versions...
Gradle Enterprise Export API Authentication Vulnerability
Gradle is a set of JVM-based project build tools , it supports maven, Ivy repository and so on. A security vulnerability exists in Gradle Enterprise prior to version 2020.2.4. The vulnerability stemmed from an unrestricted cross-domain request for read-only data in the Export API. An attacker...
MetaIO SDK for Android Arbitrary Code Execution Vulnerability
MetaIO SDK for Android is a software development kit for building augmented reality applications based on the Android platform. A security vulnerability exists in versions of MetaIO SDK for Android prior to 6.0.2.1. The vulnerability can be exploited to execute arbitrary code via the finalize...
MantisBT Cross-Site Scripting Vulnerability (CNVD-2017-28224)
MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in MantisBT versions prior to 1.2.19 and prior to 1.3.0-beta.2. A remote...
XSS vulnerability in bookmarks - ownCloud
A cross-site scripting XSS vulnerability in ownCloud before 4.5.5 and 4.0.10 allow remote attackers to inject arbitrary web script or HTML via the PATH data to index.php in apps/bookmark/ Affected Software ownCloud Server 4.5.5 CVE-2013-5666 ownCloud Server 4.0.10 CVE-2013-5666 Action Taken It is...