Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.
Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.
Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.
Loftware Spectrum through 4.6 has unprotected JMX Registry.
Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.
Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.
Loftware Spectrum before 5.1 allows SSRF.
Mustang before 2.16.3 allows exfiltrating files via XXE attacks.
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.
Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack.
An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2
Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page
A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability a
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 w
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in versions prior to 0
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024
Page 1+ Next →