16807 matches found

ATTACKERKB
added 2026/03/04 7:11 a.m., 4 views

CVE-2026-28771

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application fails to adequately sanitize user-supplied input provided via the cat...

CVSS: 5.1, AI score: 6.2, EPSS: 0.0021
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2026/03/04 7:6 a.m., 10 views

CVE-2026-28770

CVE-2026-28770 affects IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The issue is improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script, where input from the file parameter is echoed unsanitized into a CDATA block, enabling an a...

CVSS: 8.8, AI score: 6, EPSS: 0.00367
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2026/03/04 7:6 a.m., 5 views

CVE-2026-28770 XML injection In /IDC_Logging/checkifdone.cgi Endpoint On IDC SFX Web Management Interface Version 101

Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...

CVSS: 5.3, AI score: 6, EPSS: 0.00367
Exploits: 1, References: 1

ATTACKERKB
added 2026/03/04 7:6 a.m., 6 views

CVE-2026-28770

Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...

CVSS: 5.3, AI score: 6, EPSS: 0.00367
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/03/04 7:6 a.m., 26 views

CVE-2026-28770 XML injection In /IDC_Logging/checkifdone.cgi Endpoint On IDC SFX Web Management Interface Version 101

Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...

CVSS: 5.3, EPSS: 0.00367
Exploits: 1, References: 1

SUSE CVE
added 2026/03/04 12:27 a.m., 3 views

SUSE CVE-2026-25232

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00436
Exploits: 1, References: 3

CNNVD
added 2026/03/04 12:0 a.m., 5 views

International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface security vulnerability

The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by the International Datacasting company. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiv...

CVSS: 6.1, AI score: 5.6, EPSS: 0.0021
Exploits: 1, References: 1

CNNVD
added 2026/03/04 12:0 a.m., 6 views

SEPPmail Secure Email Gateway security vulnerability

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the improper checking of attachment file names in GINA...

CVSS: 9.3, AI score: 5.8, EPSS: 0.0042
Exploits: 0, References: 1

CNNVD
added 2026/03/04 12:0 a.m., 7 views

International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface security vulnerability

The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by International Datacasting. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiver Web...

CVSS: 6.5, AI score: 5.8, EPSS: 0.0064
Exploits: 1, References: 1

CNNVD
added 2026/03/04 12:0 a.m., 6 views

International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface security vulnerability

The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by the International Datacasting company. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiv...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00367
Exploits: 1, References: 1

CNNVD
added 2026/03/04 12:0 a.m., 5 views

International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface security vulnerability

The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by the International Datacasting company. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiv...

CVSS: 9.3, AI score: 5.8, EPSS: 0.02088
Exploits: 1, References: 1

Tenable Nessus
added 2026/03/04 12:0 a.m., 4 views

Hitachi Energy RTU500 Product Improper Handling of Insufficient Permissions or Privileges (CVE-2026-1772)

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges. This plugin only works with Tenable.ot...

CVSS: 5.3, AI score: 5.2, EPSS: 0.0026
Exploits: 0, References: 3

ATTACKERKB
added 2026/03/03 1:17 p.m., 5 views

CVE-2026-3343

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00196
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2026/03/03 1:17 p.m., 23 views

CVE-2026-3343

CVE-2026-3343 is a reflected XSS in Fireware OS Web UI affecting Fireware OS versions 12.7–12.11.7 and 2025.1–2026.1.1. The vulnerability allows execution of malicious JavaScript in the context of an authenticated management user’s browser when they click a specially crafted link. The CVSS 4.0 ba...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00196
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2026/03/03 12:0 a.m., 3 views

Red Hat Quay security vulnerability

Red Hat Quay is a distributed container image repository provided by the American company Red Hat. It is primarily used for building, distributing, and deploying containers. Red Hat Quay has a security vulnerability, which stems from a web interface vulnerability involving server request forgery...

CVSS: 4.9, AI score: 5.8, EPSS: 0.00156
Exploits: 0, References: 4

NVD
added 2026/03/02 6:16 p.m., 5 views

CVE-2026-0654

Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...

CVSS: 8.5, EPSS: 0.00291
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/02 5:39 p.m., 5 views

CVE-2026-0654

Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...

CVSS: 8.5, AI score: 6.1, EPSS: 0.00291
Exploits: 0, References: 5

EUVD
added 2026/03/02 5:39 p.m., 4 views

EUVD-2026-9216

Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...

CVSS: 8.5, AI score: 6.1, EPSS: 0.00291
Exploits: 0, References: 4

CVE
added 2026/03/02 5:39 p.m., 14 views

CVE-2026-0654

CVE-2026-0654 describes an OS command injection in the TP-Link Deco BE25 v1.0 administration web interface. The root cause is improper input handling that allows crafted input via a configuration file to be executed, enabling an authenticated adjacent attacker to run arbitrary commands. Affected ...

CVSS: 8.5, AI score: 6.1, EPSS: 0.00291
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/03/02 2:17 p.m., 4 views

SUSE-SU-2026:20535-1 Security update for cups

This update for cups fixes the following issues: Update to version 2.4.16. Security issues fixed: - CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients bsc1244057. - CVE-2025-58060: authentication bypass with AuthType...

CVSS: 8, AI score: 6, EPSS: 0.01063
Exploits: 4, References: 10