4 matches found
CVE-2026-28280 `osctrl-admin` has Stored Cross-Site Scripting (XSS) in On-Demand Query List
osctrl is an osquery management solution. Prior to version 0.5.0, a stored cross-site scripting (XSS) vulnerability exists in the osctrl-admin on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when running an on-demand query. The paylo...
PT-2022-22005 · Crestron · Crestron AirMedia Windows Application
Name of the Vulnerable Software and Affected Versions: Crestron AirMedia Windows Application version 4.3.1.39 Description: A vulnerability was discovered in the Crestron AirMedia Windows Application, where a user can place a malicious DLL in a certain path to execute code and perform a privilege...
PT-2021-24048 · Reprise · Reprise RLM
Name of the Vulnerable Software and Affected Versions: Reprise RLM version 14.2 Description: An issue was discovered in Reprise RLM where session cookies are small, allowing an attacker to hijack existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version. The Linu...
PT-2001-2370 · Microsoft · Windows 2000
Name of the Vulnerable Software and Affected Versions: Windows 2000 Description: The issue concerns the Task Manager in Windows 2000, which does not allow local users to end certain processes via the Process tab. Specifically, processes with uppercase letters in their names, such as winlogon.exe,...