4 matches found
Improper Neutralization of Special Elements in Data Query Logic
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the searchCustomPages process. An attacker can access unintended content by submitti...
CVE-2025-11757
CVE-2025-11757 affects CloudEdge Cloud (MQTT topic input) where input is not sanitized, enabling an attacker to leverage MQTT wildcards to subscribe and receive messages intended for other users, potentially exposing credentials and key information to connect to cameras in peer-to-peer fashion. A...
CVE-2025-11757 Improper Neutralization of Wildcards or Matching Symbols in CloudEdge Online Cameras and App
The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key...
keycloak: reflected XSS via wildcard in OIDC redirect_uri
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting XSS or further attacks. This flaw is the result of an incomple...