CVE-2023-38017

IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2026-1971

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wizWISP24gmanual of the file wizWISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public...

D-Link DIR-823X 操作系统命令注入漏洞

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the parameters in the Web management interface...

Cisco Meeting Management (CMM) Code Issues Vulnerability

Cisco Meeting Management CMM is a management tool for Cisco Meeting Server, a Cisco local videoconferencing platform from Cisco USA. A code issue vulnerability exists in Cisco Meeting Management that stems from improper input validation in certain parts of the web-based management interface, whic...

CVE-2026-20123

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...

CVE-2026-20111

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This vulnerability exists because the web-based management...

GHSA-3P7X-94Q9-JQ9X pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

CVE-2026-1707 Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

EUVD-2026-5528

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

CVE-2025-70545

A stored cross-site scripting XSS vulnerability exists in the web management interface of the PPC Belden ONT 2K05X router running firmware v1.1.9206L. The Common Gateway Interface CGI component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary...

CVE-2026-1633

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...

YugabyteDB Anywhere 安全漏洞

YugabyteDB Anywhere is a database offered by the American company YugabyteDB. There is a security vulnerability in YugabyteDB Anywhere, which stems from the web interface displaying LDAP binding passwords in plain text. This vulnerability may allow authenticated users to obtain credentials, leadi...

PT-2026-6551

Name of the Vulnerable Software and Affected Versions YugabyteDB Anywhere affected versions not specified Description YugabyteDB Anywhere reveals LDAP bind passwords in plain text within its web user interface. An authenticated user who can access the configuration view may be able to obtain thes...

EPSON WF-2750 Improper Neutralization of Input During Web Page Generation (CVE-2018-14899)

On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

CVE-2023-38017

CVE-2023-38017 affects IBM Cloud Pak System and related IBM Cloud Pak components, with a cross-site scripting vulnerability in the Web UI that could allow arbitrary JavaScript execution and credentials disclosure in a trusted session. Publicly documented details show affected versions for IBM Clo...

CVE-2026-24434

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...

CVE-2026-24426

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

CVE-2026-20111

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This vulnerability exists because the web-based management...

CVE-2026-20111

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This vulnerability exists because the web-based management...

CVE-2026-20123

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...