Hot Chocolate 安全漏洞

Hot Chocolate is a backend runtime environment open source by ChilliCream. Versions prior to 12.22.7, 13.9.16, 14.3.1, and 15.1.14 of Hot Chocolate have security vulnerabilities. These vulnerabilities stem from the recursive parser’s lack of a recursion depth limit, which can lead to stack overfl...

📄 AVideo 14.3.1 Cross Site Scripting

AVideo version 14.3.1 suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : AVideo 14.3.1 XSS vulnerability | | Author : indoushka | | Tested on :...

AVideo 安全漏洞

AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions 14.3.1 through prior to 20.1, which stems from the use of PHP uniqid to generate predictable installation salt values that could lead to remote code...

CVE-2025-6033

There is a memory corruption vulnerability due to an out of bounds write in XMLSerialize when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a...

CVE-2025-6034

There is a memory corruption vulnerability due to an out of bounds read in DefaultFontOptions when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open...

CVE-2025-6034

There is a memory corruption vulnerability due to an out of bounds read in DefaultFontOptions when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open...

CVE-2025-6033 Memory Corruption issue in XML_Serialize() in NI Circuit Design Suite

There is a memory corruption vulnerability due to an out of bounds write in XMLSerialize when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a...

PT-2025-40007

Name of the Vulnerable Software and Affected Versions NI Circuit Design Suite versions 14.3.1 and prior Description A memory corruption issue exists due to an out-of-bounds read in the DefaultFontOptions function when using the SymbolEditor within NI Circuit Design Suite. Successful exploitation...

CVE-2021-39878

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...

CVE-2024-55488

A stored cross-site scripting XSS vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed...

PT-2025-3119

Name of the Vulnerable Software and Affected Versions Umbraco CMS version 14.3.1 Description A stored cross-site scripting XSS vulnerability in Umbraco CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This issue is only possible via authenticated users who have...

CVE-2024-47819 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...

CVE-2024-47819

CVE-2024-47819 – Umbraco XSS (Dictionary section) Affected: Umbraco CMS (.NET) versions 14.0.0 up to, but not including, 14.3.1 and 15.0.0.Root cause: cross-site scripting vulnerability in the Dictionary section that can be triggered by an admin-privileged user to execute injected scripts.Impact:...

PT-2024-32830 · Umbraco · Umbraco

Name of the Vulnerable Software and Affected Versions: Umbraco versions 14.0.0 through 14.3.0 Umbraco versions prior to 15.0.0 Description: The issue allows for cross-site scripting, which can be leveraged to gain access to higher-privilege endpoints. If a user with admin privileges runs the code...

GitLab 11.3.0 < 14.1.7, 14.2.0 < 14.2.5, 14.3.0 < 14.3.1 Authorization Vulnerability

GitLab is prone to an authorization vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

CVE-2021-39878

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...

CVE-2021-39888

In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates...

CVE-2021-39878

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...

Cross site scripting

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...

UBUNTU-CVE-2021-39878

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...