16792 matches found
PT-2026-27795
Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the web-based management interface of the Cisco IOx application hosting environment. This issue could allow a remote attacker with valid administrative...
PT-2026-27793
Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description A flaw exists in the web-based management interface that may allow a remote attacker with valid credentials to perform a cross-site scripting XSS attack against a user...
Cisco Catalyst SD-WAN Manager XSS (cisco-sa-vmanage-xss-ZqkhP9W9)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user ...
CVE-2026-33344 Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG
Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE,...
Linux Distros Unpatched Vulnerability : CVE-2026-30924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also...
Harbor allows the use of the default password for web UI login
Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI...
CVE-2026-4404
CVE-2026-4404 affects Harbor
CVE-2026-4497 Totolink WA300 cstecgi.cgi recvUpgradeNewFw os command injection
A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and...
Yi Technology YI Home Camera 2 访问控制错误漏洞
The Yi Technology YI Home Camera 2 is an intelligent home camera device developed by China's Yi Technology Company. The version 2.1.120171024151200 of the Yi Technology YI Home Camera 2 has a vulnerability related to access control. This vulnerability stems from a lack of authentication in the...
CVE-2026-32721
A flaw was found in LuCI, the OpenWrt Configuration Interface. A remote attacker can exploit a stored Cross-Site Scripting XSS vulnerability in the wireless scan modal by crafting a malicious Wi-Fi network name SSID. When a user opens the wireless scan modal, the unsanitized SSID is rendered as r...
CVE-2026-30924
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...
CVE-2026-30924
CVE-2026-30924 affects the web interface for managing qBittorrent instances (qui). Versions 1.14.1 and earlier are reported to have a permissive CORS policy that reflects arbitrary origins and returns Access-Control-Allow-Credentials: true, enabling a logged-in user’s session to be leveraged by a...
CVE-2026-30924 qui CORS Misconfiguration: Arbitrary Origins Trusted
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...
Vulnerabilities fixed in Cisco Secure Firewall Management Center
The vulnerability with reference CVE-2026-20079 is located in the web interface of Cisco Secure Firewall Management Center. An unauthenticated remote malicious party can bypass authentication controls by exploiting an incorrect system process created at startup. The malicious party can exploit th...
CVE-2025-15051
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2025-15051 IBM QRadar SIEM Cross-Site Scripting
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2025-15051 IBM QRadar SIEM Cross-Site Scripting
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2026-1276 IBM QRadar SIEM Cross-Site Scripting
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
PT-2026-26450
Name of the Vulnerable Software and Affected Versions LuCI versions prior to 24.10.5 and 25.12.0 Description LuCI, the OpenWrt Configuration Interface, is affected by a stored Cross-Site Scripting XSS issue within the wireless scan modal. The system renders SSID values from scan results as raw HT...
IBM QRadar SIEM 跨站脚本漏洞
IBM QRadar SIEM is a solution developed by the American multinational company IBM, designed to protect assets and information from advanced threats using security intelligence. This solution provides features such as monitoring across the entire IT infrastructure and generating detailed reports o...