107 matches found
Unity Linux 20.1060e / 20.1070e Security Update: ganglia (UTSA-2026-016671)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016671 advisory. ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php cs parameter. Tenable has extracted the preceding description block directly from th...
CVE-2026-33334
Vikunja Desktop (Electron wrapper) versions before 2.2.0 enable nodeIntegration in the renderer without contextIsolation or sandbox. This allows a cross-site scripting (XSS) vulnerability in the Vikunja web frontend to escalate to full remote code execution on the victim’s machine, as injected sc...
CVE-2026-33334 Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...
CVE-2026-27894
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...
PT-2026-4342
Name of the Vulnerable Software and Affected Versions IAQS and I6 affected versions not specified Description A security flaw exists in IAQS and I6 developed by JNC, allowing unauthenticated remote attackers to obtain administrator privileges. This is due to a client-side enforcement of server-si...
CVE-2026-1223
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...
CVE-2026-1223
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...
CVE-2026-1223
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...
CVE-2026-1223 BROWAN COMMUNICATIONS |PrismX MX100 AP controller - Insufficiently Protected Credentials
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...
CVE-2026-1223
Summary: CVE-2026-1223 affects the PrismX MX100 AP controller by Browan Communications, describing an Insufficiently Protected Credentials vulnerability that could allow privileged remote attackers to obtain SMTP plaintext passwords via the web frontend. The available documents do not specify aff...
PT-2026-3543
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...
CVE-2021-31740
SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities XSS...
CVE-2025-30188
Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available...
CVE-2025-41705
An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...
EUVD-2025-34146
An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...
PT-2025-41855
Name of the Vulnerable Software and Affected Versions Webfrontend affected versions not specified Description An unauthenticated remote attacker performing a man-in-the-middle MITM attack can intercept websocket messages. This interception allows access to login credentials for the Webfrontend. T...
EUVD-2019-10931
Malware in sbrugna...
EUVD-2005-2031
Malware in sbrugna...
EUVD-2021-18624
Malware in sbrugna...
EUVD-2019-10930
Malware in sbrugna...