44 matches found

RedhatCVE
added 2026/01/09 8:56 a.m. · 6 views

CVE-2023-40071

Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.8 · AI score 7.1 · EPSS 0.00093
Exploits: 0 · References: 1

RedhatCVE
added 2025/11/07 1:46 p.m. · 1 views

CVE-2025-63417

A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...

CVSS 7.2 · AI score 5 · EPSS 0.00055
Exploits: 1 · References: 1

RedhatCVE
added 2025/11/07 1:46 p.m. · 1 views

CVE-2025-63418

A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...

CVSS 6.1 · AI score 6.3 · EPSS 0.00041
Exploits: 1 · References: 1

EUVD
added 2025/11/05 12:0 a.m. · 1 views

EUVD-2025-37928

A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...

AI score 5.7 · EPSS 0.00041
Exploits: 1 · References: 2

Positive Technologies
added 2025/11/05 12:0 a.m. · 1 views

PT-2025-45153

Name of the Vulnerable Software and Affected Versions: SelfBest version 2023.3 Description: A Stored Cross-Site Scripting (XSS) issue exists in the chat functionality of the SelfBest platform. Authenticated, low-privileged attackers can execute arbitrary JavaScript in the context of other users’...

CVSS 9.1 · AI score 5.7 · EPSS 0.00083
Exploits: 1 · References: 4

Cvelist
added 2025/11/05 12:0 a.m. · 4 views

CVE-2025-63418

A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...

EPSS 0.00041
Exploits: 1 · References: 1

CNNVD
added 2025/11/05 12:0 a.m. · 2 views

SelfBest security vulnerability

SelfBest is a development-focused platform from SelfBest, Inc. in the United States. A security vulnerability exists in SelfBest version 2023.3, which stems from the presence of stored cross-site scripting in the Chat feature, which could lead to the execution of arbitrary JavaScript code by a...

CVSS 9.1 · AI score 6.4 · EPSS 0.00083
Exploits: 1 · References: 2

Positive Technologies
added 2025/11/05 12:0 a.m. · 2 views

PT-2025-45159

Name of the Vulnerable Software and Affected Versions: SelfBest platform version 2023.3 Description: A DOM-based Cross-Site Scripting (XSS) issue exists in the SelfBest platform. This allows attackers to execute arbitrary JavaScript within a logged-in user's session. The attack vector involves...

CVSS 6.1 · AI score 5.8 · EPSS 0.00041
Exploits: 1 · References: 3

CNNVD
added 2025/11/05 12:0 a.m. · 1 views

SelfBest security vulnerability

SelfBest is a development-focused platform from SelfBest, Inc. in the United States. A security vulnerability exists in SelfBest version 2023.3, which stems from insufficient sanitization and escaping of chat message input fields in the chat feature, which could lead to a stored cross-site scripting...

CVSS 7.2 · AI score 5.9 · EPSS 0.00055
Exploits: 1 · References: 1

NVD
added 2025/10/09 9:15 p.m. · 6 views

CVE-2025-35052

Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...

CVSS 6.3 · EPSS 0.00048
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-44614

Malicious code in bioql PyPI...

CVSS 10 · AI score 9.2 · EPSS 0.01281
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 4:12 a.m. · 5 views

CVE-2023-3991

An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 10 · AI score 7.5 · EPSS 0.01281
Exploits: 0

OSV
added 2025/02/11 6:15 p.m. · 2 views

CVE-2025-26494

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass. This issue affects Tableau Server: from 2023.3 through 2023.3.5...

CVSS 7.7 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2025/02/11 6:15 p.m. · 15 views

CVE-2025-26494

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass. This issue affects Tableau Server: from 2023.3 through 2023.3.5...

CVSS 7.7 · EPSS 0.00054
Exploits: 0 · References: 1

CNNVD
added 2025/02/11 12:0 a.m. · 2 views

Salesforce Tableau security vulnerability

Salesforce Tableau is a data visualization and analytics platform from Salesforce, Inc. A security vulnerability exists in Salesforce Tableau versions 2023.3.X through 2023.3.5, which stems from a server-side request forgery vulnerability that could lead to authentication bypass...

CVSS 7.7 · AI score 6.7 · EPSS 0.00054
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/11 12:0 a.m. · 5 views

PT-2025-6373 · Tableau · Tableau Server

Name of the Vulnerable Software and Affected Versions: Tableau Server versions 2023.3 through 2023.3.5 Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability that allows Authentication Bypass. This means an attacker can potentially bypass authentication mechanisms, gaining...

CVSS 7.7 · AI score 7.2 · EPSS 0.00054
Exploits: 0 · References: 4

RedhatCVE
added 2025/02/05 1:8 p.m. · 7 views

CVE-2024-25578

MicroDicom DICOM Viewer versions 2023.3 Build 9342 and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application...

CVSS 7.8 · AI score 7 · EPSS 0.00085
Exploits: 0 · References: 1

OSV
added 2024/12/11 5:15 p.m. · 1 views

CVE-2024-11598

Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allow a local authenticated attacker to achieve local privilege escalation...

CVSS 7.8 · AI score 5.8 · EPSS 0.00342
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/11 12:0 a.m. · 3 views

PT-2024-17128 · Ivanti · Ivanti Application Control

Name of the Vulnerable Software and Affected Versions: Ivanti Application Control versions prior to 2024.3 HF1; Ivanti Application Control versions prior to 2024.1 HF2; Ivanti Application Control versions prior to 2023.3 HF3 Description: Under specific circumstances, insecure permissions in Ivanti...

CVSS 7.8 · AI score 7 · EPSS 0.00342
Exploits: 0 · References: 6

OpenVAS
added 2024/06/20 12:0 a.m. · 19 views

Foxit PhantomPDF Multiple Vulnerabilities (June-2 2024)

Foxit PhantomPDF is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foxitsoftware:phantompdf";...

CVSS 8.8 · AI score 8.9 · EPSS 0.02212
Exploits: 5 · References: 1