1417 matches found
CVE-2020-37032 Wing FTP Server 6.3.8 - Remote Code Execution
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...
PT-2026-5473
Name of the Vulnerable Software and Affected Versions Wing FTP Server version 6.3.8 Description The software contains a remote code execution issue in its Lua-based web console. Authenticated users can execute system commands by sending malicious commands via POST requests. The os.execute functio...
Wing FTP Server: Operating System Command Injection Vulnerability
Wing FTP Server is an open-source, cross-platform FTP server software developed by Wing FTP Server. Version 6.3.8 of Wing FTP Server contains a vulnerability related to operating system command injection. This vulnerability stems from the command execution feature in the Lua-based Web console,...
An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account
AI chat toy company Bondu left its web console almost entirely unprotected. Researchers who accessed it found nearly all the conversations children had with the company’s stuffed animals...
CVE-2026-0824
A flaw was found in QuestDB UI. A remote attacker could exploit a cross-site scripting XSS vulnerability by manipulating the Web Console component. This could allow the attacker to inject malicious scripts into web pages, potentially leading to information disclosure or arbitrary code execution i...
Cross-site Scripting (XSS)
Overview @questdb/web-console is a QuestDB Web Console Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Web Console component. An attacker can inject and execute arbitrary scripts by submitting crafted input that is not properly sanitized. Details Cross-site...
GHSA-XF94-H87H-G9WR QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...
QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...
CVE-2026-0824
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...
CVE-2026-0824 questdb ui Web Console cross site scripting
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...
CVE-2026-0824 questdb ui Web Console cross site scripting
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...
CVE-2026-0824
CVE-2026-0824 affects QuestDB UI Web Console (up to version 1.11.9). The vulnerability is an XSS in an unknown Web Console function that can be exploited remotely. Public exploits are reported, and a fix is planned for QuestDB 9.3.0 with a patch identified as b42fd9f18476d844ae181a10a249e003dafb8...
EUVD-2026-1842
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...
questdb 代码注入漏洞
questdb is QuestDB open source a high-performance, time series database. Code injection vulnerability exists in questdb 1.11.9 and earlier versions , the vulnerability stems from a cross-site scripting vulnerability in the Web Console component , which could lead to cross-site scripting attacks...
PT-2026-2029
Name of the Vulnerable Software and Affected Versions questdb ui versions up to 1.11.9 Description A security flaw exists in the Web Console component of questdb ui, potentially leading to cross-site scripting. The issue is remotely exploitable, and an exploit has been publicly released. The...
Exploit for Improper Access Control in Rubyonrails Web_Console
CVE-2015-3...
CVE-2021-41878
A reflected cross-site scripting XSS vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button...
CVE-2019-20487
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request exploitable directly or through CSRF, as demonstrated by the setup.cgi?todo=savehtpaccount URI...
CVE-2024-34545
Improper input validation in some IntelR RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access...
CVE-2019-11543
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure PCS 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1...