16813 matches found
Pi-hole Web Interface Cross-Site Scripting Vulnerability
Pi-hole Web Interface is the dashboard web interface of the open-source Pi-hole project. A cross-site scripting vulnerability exists in Pi-hole Web Interface versions prior to 6.3, which stems from improper input sanitization in the Address field and could lead to a cross-site scripting attack...
PT-2025-44013
Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 13 Independent Fix 02. Description: IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is susceptible to stored cross-site scripting. An authenticated user can inje...
Pi-hole Web Interface Cross-Site Scripting Vulnerability
Pi-hole Web Interface is the dashboard web interface of the open-source Pi-hole project. A cross-site scripting vulnerability exists in Pi-hole Web Interface 6.2.1 and prior versions, which stems from a 404 error page that does not properly sanitize or escape the URL path, and could lead to a reflective...
CVE-2025-12284 Lack of Input Validation
Lack of Input Validation in the web UI might lead to potential exploitation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
Exploit for CVE-2023-49440
CVE-2023-49440-POC Vulnerable Version: Ahab EPP Management v...
Exploit for CVE-2025-53533
Cross-Site-Scripting XSS in Pi-hole-CVE-2025-53533 exploit Po...
Exploit for CVE-2014-6324
AD Exploit Framework 🔴 FOR EDUCATIONAL PURPOSES ONLY AND...
PT-2025-43754
Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: A lack of input validation in the web user interface could allow for potential exploitation. The issue affects the web UI component. Recommendations: Update BLU-IC2 to ...
CVE-2025-1679
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...
EUVD-2025-35687
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...
CVE-2025-1679
CVE-2025-1679 and CVE-2025-1680 concern Moxa Ethernet switches. CVE-2025-1679 is a stored Cross-site Scripting (XSS) in the device web interface: an authenticated admin can inject scripts that affect authenticated users, with impact on the subsequent system’s confidentiality and integrity but not...
CVE-2025-60772
Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017 allows a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrator via crafted HTTP requests...
CVE-2025-60427
LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...
CVE-2025-6542 OS command injection in multiple parameters
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...
CVE-2025-60772
CVE-2025-60772 targets NETLINK HG322G with V1.0.00-231017 firmware. The issue is improper authentication in the device’s web-based management interface, enabling a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrator via crafted HTTP requests. CVSS 3.1 ...
EUVD-2025-35203
LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...