CVE-2026-34055 OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

CVE-2026-34055

OpenEMR contains an IDOR in the web UI: legacy patient notes updates/deletes in library/pnotes.inc.php use WHERE id = ? without verifying the note belongs to the user’s accessible patient. Multiple web UI callers pass user-controlled note IDs, enabling unauthorized access/modification. Affects ve...

CVE-2026-2483 IBM InfoSphere Information Server Cross-Site Scripting

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2026-1001

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

EUVD-2026-15437

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

CVE-2026-1001

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

CVE-2026-1001

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

CVE-2026-20108

The CVE-2026-20108 affects Cisco Catalyst SD-WAN Manager’s web-based management interface. The issue is insufficient validation of user input , enabling an authenticated, remote attacker to entice a user to click a crafted link and trigger cross-site scripting . Successful exploitation could exec...

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

CVE-2026-20112

Cisco IOx web-based management interface in Cisco IOS XE is affected by a stored XSS vulnerability due to insufficient input validation. An attacker with valid administrative credentials could inject malicious code into specific pages, potentially executing scripts in the browser context or acces...

CVE-2026-20112

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. Th...

CVE-2026-20113

The CVE affects the web-based Cisco IOx application hosting environment management interface in Cisco IOS XE Software. It arises from insufficient input validation and enables a remote, unauthenticated attacker to perform a CRLF injection, potentially injecting or altering log entries and obscuri...

Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

CVE-2026-4760

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...

SUSE CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default 1 year. A...

SUSE CVE-2026-30225

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low-privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...

PT-2026-27796

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the web-based Cisco IOx application hosting environment management interface that could allow a remote attacker to inject carriage return line feed CRLF...

PT-2026-28077

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

IBM InfoSphere Information Server 跨站脚本漏洞

IBM InfoSphere Information Server is a data integration platform developed by the American multinational company International Business Machines IBM. This platform can be used to integrate data from various sources. Versions of IBM InfoSphere Information Server 11.7.1.6 and earlier had a cross-si...