164 matches found
CVE-2026-13083
CVE-2026-13083 concerns the Pen Drive report generator, where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization, enabling stored XSS. An attacker with cluster administrator privileges can inject XSS payloads into cluster objects (e.g., ClusterVersion spec....
ember
🔥 Ember AI systems burn brightly but hide their secrets. Em...
📄 Bloomberg Memray Cross Site Scripting
Bloomberg Memray prior to versions 1.19.2 rendered the command line of the tracked process directly into generated HTML reports without escaping, allowing for cross site scripting attacks. CVE-2026-32722 Bloomberg Memray’s Stored XSS via Unescaped Command-Line Metadata Intro I found this issue...
UBUNTU-CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
GHSA-R5PR-887V-M2W9 Stored XSS in Memray-generated HTML reports via unescaped command-line metadata
Summary Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript...
web-vulnerability-scanner
web-vulnerability-scanner Pyth...
CVE-2026-24443
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...
CVE-2026-24443
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...
CVE-2026-24443
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...
CVE-2026-24443 EventSentry < 6.0.1.20 Web Reports Unverified Password Change
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...
CVE-2026-24443
EventSentry
CVE-2026-24443
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...
CVE-2026-24443 EventSentry < 6.0.1.20 Web Reports Unverified Password Change
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...
PT-2026-21798
Name of the Vulnerable Software and Affected Versions EventSentry versions prior to 6.0.1.20 Description EventSentry has a flaw where passwords can be changed without verifying the current password through the account management functionality within the Web Reports interface. An attacker gaining...
NETIKUS EventSentry 安全漏洞
NETIKUS EventSentry is a network monitoring software developed by the American company NETIKUS. Versions of NETIKUS EventSentry prior to 6.0.1.20 contained security vulnerabilities. These vulnerabilities stemmed from the unvalidated password change mechanism in the account management feature of t...
Exploit for CVE-2025-63420
CVE-2025-63420 CrushFTP11 before 11.3.757 is vulnerable to s...
EUVD-2002-0701
Malware in sbrugna...
EUVD-2002-0700
Malware in sbrugna...
EUVD-2002-0697
Malware in sbrugna...
EUVD-2018-13022
Malware in sbrugna...