Cisco Cyber Vision Center Cross-Site Scripting Vulnerability
Cisco Cyber Vision Center is a suite of detection and analysis platforms from Cisco. A cross-site scripting vulnerability exists in Cisco Cyber Vision Center that stems from insufficient validation of inputs to the web-based management interface, which could lead to a cross-site scripting attack...
CVE-2025-36132
CVE-2025-36132 affects IBM Planning Analytics Local (IBM Planning Analytics Workspace) with versions 2.0.0–2.0.106 and 2.1.0–2.1.13. A cross-site scripting vulnerability allows an authenticated user to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to ...
[SECURITY] Fedora 41 Update: nextcloud-31.0.9-1.fc41
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 42 Update: nextcloud-31.0.9-1.fc42
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...
PT-2025-40022
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.0.0 through 2.0.106; IBM Planning Analytics Local versions 2.1.0 through 2.1.13. Description: An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering intended...
CVE-2025-30247
An OS command injection vulnerability in user interface in Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms allows remote attackers to execute arbitrary system commands via a specially crafted HTTP POST...
CVE-2025-36352 IBM License Metric Tool cross-site scripting
IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted sessi...
Exploit for Code Injection in Langflow
It is an offensive tool for web exploitation. The target product...
CVE-2025-36239
IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted...
Ruckus Wireless ICX Switches Cross-site Scripting and Cross-site Request Forgery (CVE-2023-39904)
A vulnerability in the web-based management interface of the RUCKUS ICX product line could allow a remote attacker to execute XSS and CSRF attacks against the user of the interface. To exploit this vulnerability, an attacker would require the targeted user to click a crafted link that would send ...
Ruckus Wireless ICX Switches Cross-site Scripting and Cross-site Request Forgery (CVE-2023-39905)
A vulnerability in the web-based management interface of the RUCKUS ICX product line could allow a remote attacker to execute XSS and CSRF attacks against the user of the interface. To exploit this vulnerability, an attacker would require the targeted user to click a crafted link that would send ...
PT-2025-39827
Name of the Vulnerable Software and Affected Versions: Obsidian Scheduler versions 5.0.0 through 6.3.0. Description: A security issue exists in the Obsidian Scheduler REST API. If an account is locked out due to not enrolling in Multi-Factor Authentication (MFA), the REST API continues to permit the u...
GE UR family Improper Input Validation (CVE-2021-27418)
GE UR firmware versions prior to version 8.1x support a web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, the UR firmware web server does not perform HTM...
Ruckus Wireless ICX Switches Cross-site Scripting and Cross-site Request Forgery (CVE-2023-39906)
A vulnerability in the web-based management interface of the RUCKUS ICX product line could allow a remote attacker to execute XSS and CSRF attacks against the user of the interface. To exploit this vulnerability, an attacker would require the targeted user to click a crafted link that would send ...
CVE-2025-36239 IBM Storage TS4500 Library cross-site scripting
IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted...
CVE-2025-54831
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...
CVE-2025-54831
Apache Airflow 3.x (notably 3.0.3) exposes sensitive connection details to users with READ permissions via API/UI, bypassing AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS. Affected: Airflow 3.0.3; mitigation is upgrading to 3.0.4 or newer. This issue does not affect Airflow 2.x, where the behavio...
Clickhouse API Unauthenticated Access
Clickhouse is an open-source columnar database management system for online analytical processing. The Clickhouse HTTP interface allows users to interact with the database using HTTP requests. When no authentication is configured, the Clickhouse API can be accessed without any credentials. This c...
Tiny File Manager Default Credentials
Tiny File Manager is a web-based file manager that allows users to manage files on a server through a web interface. By default, Tiny File Manager comes with a default username and password combination. If these default credentials are not changed, a remote and unauthenticated attacker could gain...