29 matches found
CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...
CISA Software Acquisition Guide Supplier Response Web Tool Security Vulnerability
CISA Software Acquisition Guide Supplier Response Web Tool is an interactive Web tool from the CISA organization in the United States. A security vulnerability exists in versions of the CISA Software Acquisition Guide Supplier Response Web Tool prior to 2025-12-11, which stems from a cross-site...
CVE-2025-49145
Combodo iTop is a web-based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user who has enough rights to create webhooks (mostly administrators) can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...
EUVD-2025-15961
Malicious code in bioql PyPI...
trashhost
xss tool and sqli detector...
CVE-2025-44897
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip parameter in the web_tool_upgradeManager_post function...
CVE-2025-44897
The CVE-2025-44897 issue affects FW-WGS-804HPT v1.305b241111, with a stack overflow discovered in the bytftp_srvip parameter of the web_tool_upgradeManager_post function. Reported CVSSv3.1 is 9.8 (CRITICAL) with NETWORK attack vector, no user interaction, and impacts to confidentiality, integrity...
CVE-2025-24969
iTop is a web-based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contact's picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue...
CVE-2025-24785
iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layoutclass before saving th...
PT-2025-22306 · Unknown · Fw-Wgs-804Hpt
Name of the Vulnerable Software and Affected Versions: FW-WGS-804HPT version 1.305b241111. Description: A stack overflow issue was discovered via the bytftp_srvip parameter in the web_tool_upgradeManager_post function. Recommendations: For FW-WGS-804HPT version 1.305b241111, consider disabling the...
Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted
By Waqas. Cyber Warfare Takes Flight: Geopolitics Fuel Attacks on Airlines - Dark Web Tool Aims at E-commerce! This is a post from HackRead.com.
Torbot Security Vulnerabilities
TorBot is an open-source intelligence tool for the dark web. TorBot has a security vulnerability. An attacker can exploit the vulnerability to crash the application using specially crafted parameters...
Siemens SINEC NMS Command Injection Vulnerability
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in a single tool. This simplifies the installation and management of all network services related to industrial networks. A command injection vulnerability exists in Siemens SINEC INS, which...
CVE-2017-2101
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors...
phpMyAdmin cross-site scripting vulnerability (CNVD-2016-12700)
phpMyAdmin is an online management tool for MySQL databases. A cross-site scripting vulnerability exists in phpMyAdmin. Due to the use of a vulnerable JavaScript library, an attacker can exploit the vulnerability to launch a cross-site scripting attack...
PHPmongoDB 1.0.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications. Exploit Title: PHPmongoDB v1.0.0 - Multiple Vulnerabilities CSRF | HTML or Iframe Injection | XSS Reflected & Stored. Date: 14.04.2016. Exploit Author: Ozer Goker. Vendor Homepage: http://www.phpmongodb.org Software Link:...
Samba Web Administration Tool vulnerable to cross-site scripting
Overview: Samba Web Administration Tool contains a cross-site scripting vulnerability. Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability. SWAT is disabled in a default configuration of Samba. nobuhiro tsuji...