Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remote
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user per
A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. Th
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the
IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering th
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. T
SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick th
A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an unknown part of the component Ethernet Configuration Page. Performing a manipulation of the argument Name results in cross
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user per
A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the
IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim.
IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the in
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderb
CVE-2024-39727
CRITICAL CVSS 9.8
Find Similar
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expos
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulne
A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the rec
A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation re