| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment. |
| An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. |
| A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing manipulation of the argument qvlan_truck_port results in heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. |
| Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment. |
| Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Councilsoft Content Grid Slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through 1.5. |
| CWE-601 URL Redirection to Untrusted Site ('Open Redirect') |
| CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') |
| An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeaffairs Wp Text Slider Widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a through 1.0. |
| An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component |
| Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through 1.0.8. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CedCommerce CedCommerce Integration for Good Market allows PHP Local File Inclusion.This issue affects CedCommerce Integration for Good Market: from n/a through 1.0.6. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through 1.2. |
| Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitary arguments can be injected in tugtainer-agent `POST api/command/run`. Version 1.15.1 fixes the issue. |
| CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') |
| An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. |
| An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. |
| NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php. |
