IceWarp Email Client - Cross Site Scripting

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. id: CVE-2023-39598 info: name: IceWarp Email Client - Cross Site Scripting author: Imjust0 severity: medium description: |...

SAP NetWeaver AS Java Reflected XSS (3723655)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a reflected cross-site scripting vulnerability as referenced in SAP Security Note 3723655: - Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an...

CVE-2026-44746

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

CVE-2026-44746

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

EUVD-2026-35282

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

PT-2026-47533

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-runner (>=0.114.0 <=0.120.0) +1424 more potentially affected by CVE-2026-22735 via org.springframework:spring-webflux (>=6.2.0 <=6.2.16)

org.springframework:spring-webflux MAVEN version =6.2.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 - ai.telosforge:kimaira-util-webclient =1.2.6 and more Source cves: CVE-2026-22735 Source advisory:...

CVE-2026-1697

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included...

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

EUVD-2026-8842

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

EUVD-2026-8841

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included...

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVE-2026-1697

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included...

CVE-2026-1697

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included...

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVE-2026-1698

CVE-2026-1698 affects PcVue WebClient and WebScheduler web apps (versions 15.0.0–16.3.3). A HTTP Host header vulnerability could let an attacker craft requests that influence server-side behavior, specifically targeting endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCal...

CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...