20 matches found
Exploit for CVE-2025-65480
CVE-2025-65480: Remote Code Execution in Pacom Unison Client A...
CVE-2025-65480
Pacom Unison Client 5.13.1 contains a vulnerability where authenticated users can inject malicious scripts into Report Templates that are executed when certain script conditions are fulfilled, leading to Remote Code Execution. This is the stated impact; no exploit details are provided in the avai...
CVE-2025-58352
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...
PT-2025-36103
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.13.1 Description: Weblate is a web-based localization tool. Versions prior to 5.13.1 are susceptible to a second factor authentication bypass due to a long session expiry during the second factor verification...
UBUNTU-CVE-2025-53103
JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are...
CVE-2023-48654
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the...
PT-2023-31890 · One Identity +2 · One Identity Password Manager +2
Name of the Vulnerable Software and Affected Versions: One Identity Password Manager versions prior to 5.13.1 Description: The issue allows Kiosk Escape, affecting the product's functionality to reset Active Directory passwords on the login screen of a Windows client. It launches a Chromium-based...
PYSEC-2023-292
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...
GHSA-9W2P-RH8C-V9G5 Local Privilege Escalation in Windows
Impact A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if all the following are satisfied: The user runs an application containing either...
PT-2023-30875 · One Identity +2 · One Identity Password Manager +2
Name of the Vulnerable Software and Affected Versions: One Identity Password Manager versions prior to 5.13.1 Description: The issue allows Kiosk Escape in One Identity Password Manager, which enables users to reset their Active Directory passwords on the login screen of a Windows client. It...
Format string
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...
CVE-2023-26486 Vega `scale` expression function cross site scripting
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...
CVE-2023-26486 Vega `scale` expression function cross site scripting
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...
CVE-2023-26486 Vega `scale` expression function cross site scripting
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...
PT-2023-20677 · Vega · Vega
Name of the Vulnerable Software and Affected Versions: Vega versions prior to 5.13.1 Description: The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. This can be exploited to escape the Vega expression sandbox in order to execute...
Tenable Nessus Network Monitor 5.11.0 - 5.13.0 Multiple Vulnerabilities (TNS-2021-09)
Tenable Nessus Network Monitor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +452 more potentially affected by CVE-2016-0734 via org.apache.activemq:activemq-client (>=5.10.0 <=5.13.1)
org.apache.activemq:activemq-client MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2016-0734 Source advisory: OSV:GHSA-W525-W93J-RXGM...
WordPress plugin Site Reviews cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of the WordPress plugin Site Reviews prior to 5.13....
CVE-2021-24603
The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed...
Apache ActiveMQ Web Console Cross-Site Scripting Vulnerability
Apache ActiveMQ is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:activemq...