29 matches found

CNNVD
added 2025/12/24 12:0 a.m. | 1 views

Teradek VidiU Pro Security Vulnerability

Teradek VidiU Pro is a hardware live streaming encoder from Teradek USA. A security vulnerability exists in Teradek VidiU Pro version 3.0.3, which stems from the mishandling of the url and xmlurl parameters by the management interface, which could lead to a server-side request forgery attack...

6.9 CVSS | 6.7 AI score | 0.00017 EPSS
Exploits 2 | References 3

EUVD
added 2025/11/29 6:30 a.m. | 2 views

EUVD-2025-199902

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...

6.2 AI score | 0.00028 EPSS
Exploits 0 | References 3

OSV
added 2025/11/29 4:15 a.m. | 1 views

CVE-2025-65892

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...

6.1 CVSS | 6.1 AI score | 0.00028 EPSS
Exploits 0 | References 2

NVD
added 2025/11/29 4:15 a.m. | 1 views

CVE-2025-65892

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...

6.1 CVSS | 0.00028 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/11/29 12:0 a.m. | 1 views

CVE-2025-65892

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...

6.3 AI score | 0.00028 EPSS
Exploits 0 | References 2

Positive Technologies
added 2025/11/29 12:0 a.m. | 2 views

PT-2025-48371

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...

6.7 AI score | 0.00028 EPSS
Exploits 0 | References 3

Cvelist
added 2025/11/29 12:0 a.m. | 3 views

CVE-2025-65892

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...

0.00028 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-2681

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.0521 EPSS
Exploits 1 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2015-7228

Malware in sbrugna...

7.5 CVSS | 6.3 AI score | 0.00549 EPSS
Exploits 3 | References 4

CVE
added 2025/02/07 1:40 p.m. | 51 views

CVE-2025-1108

CVE-2025-1108 affects Janto, versions prior to r12. The issue is an insufficient data authenticity verification vulnerability that lets an unauthenticated attacker modify the content of password-reset emails by sending a crafted POST request that injects malicious content into the Xml parameter a...

8.6 CVSS | 7 AI score | 0.00058 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/02/07 12:0 a.m. | 2 views

PT-2025-5973 · Janto · Janto

Name of the Vulnerable Software and Affected Versions: Janto versions prior to r12. Description: The issue concerns an insufficient data authenticity verification vulnerability. This vulnerability allows an unauthenticated attacker to modify the content of emails sent to reset the password. To...

8.6 CVSS | 6.5 AI score | 0.00058 EPSS
Exploits 0 | References 5

OSV
added 2023/10/04 12:15 p.m. | 1 views

CVE-2023-4037

Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter...

5.5 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 0 | References 1

CNNVD
added 2021/02/07 12:0 a.m. | 2 views

NCR Command Center Agent Operating System Command Injection Vulnerability

NCR Aloha Essentials is mobile POS-enabled hardware from NCR USA. It provides an end-to-end restaurant management platform. A security vulnerability exists in the CMCAgent in NCR Command Center Agent 16.3, which originates from allowing submission of the runCommand parameter in an XML document...

10 CVSS | 7.5 AI score | 0.9036 EPSS
Exploits 3 | References 4

OSV
added 2021/01/29 7:15 p.m. | 0 views

CVE-2020-24665

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in ...

6.5 CVSS | 6.7 AI score
Exploits 0 | References 2

CNNVD
added 2021/01/07 12:0 a.m. | 2 views

krpano Panorama Viewer Cross-Site Scripting Vulnerability

krpano Panorama Viewer is a software for viewing panorama files from the German company krpano. The software supports high-resolution images, interactive virtual roaming, custom-designed user interface, and other features. A cross-site scripting vulnerability exists in Krpano Panorama Viewer 1.20...

6.1 CVSS | 6.2 AI score | 0.00211 EPSS
Exploits 1 | References 2

ATTACKERKB
added 2018/11/26 7:29 a.m. | 1 views

CVE-2018-19547

JTBCPHP 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter...

6.1 CVSS | 5.3 AI score | 0.0024 EPSS
Exploits 1 | References 3

OSV
added 2018/10/18 4:56 p.m. | 0 views

GHSA-W3GH-G32M-CVHR High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

7.5 CVSS | 7.1 AI score | 0.50435 EPSS
Exploits 0 | References 12

Packet Storm
added 2015/12/18 12:0 a.m. | 24 views

PFSense 2.2.5 Directory Traversal

Title : PFSense 12 1 LFI example Lfi example on step1submitphpaction; /etc/passwd...

0.3 AI score
Exploits 0

0day.today
added 2015/12/18 12:0 a.m. | 20 views

PFSense 2.2.5 - Directory Traversal Vulnerability

Exploit for php platform in category web applications Title : PFSense 12 1 LFI example Lfi example on step1submitphpaction;/stepsubmitphpa...

7.1 AI score
Exploits 0

CNVD
added 2015/10/26 12:0 a.m. | 1 views

Multiple K2 Products SQL Injection Vulnerabilities

K2 blackpearl, smartforms, and K2 for SharePoint are all products from K2 Corporation. blackpearl is a suite of applications for building and running business processes. smartforms is an online business system push messaging product. k2 for SharePoint is a suite of applications for creating forms...

7.5 CVSS | 8.7 AI score | 0.00549 EPSS
Exploits 3 | References 1