7703 matches found
Serendipity 代码问题漏洞
Serendipity is a PHP-based blogging system by the Serendipity team. The system supports the creation of online journals, blogs, web pages, and more. A code issue vulnerability exists in Serendipity version 2.4.0, which stems from an authenticated attacker being able to upload malicious PHP files...
PT-2025-51970
Name of the Vulnerable Software and Affected Versions Serendipity version 2.4.0 Description An authenticated user can inject malicious scripts through blog entry creation. An attacker can create blog entries with JavaScript payloads that execute when other users view the compromised post. This is...
EUVD-2025-203838
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...
CVE-2025-65590
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...
CVE-2025-65590
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...
AI Pulse: How AI Bots Surface Your Content
...
Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026
Frankfurt am Main, Germany, 16th December 2025, CyberNewsWire...
Beyond the Buzz: Why Zero Trust Matters More in the Age of AI
...
CVE-2025-65590
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...
nopCommerce 安全漏洞
nopCommerce is an open source, general purpose e-commerce platform from nopCommerce, Inc. A security vulnerability exists in nopCommerce version 4.90.0, which stems from cross-site scripting in the Blog posts feature in the content management area...
CVE-2025-65590
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...
PT-2025-51769
Name of the Vulnerable Software and Affected Versions nopCommerce version 4.90.0 Description The software is susceptible to Cross Site Scripting XSS through the Blog posts functionality within the Content Management area. The issue allows for potential malicious script injection. Recommendations ...
CVE-2025-65590
CVE-2025-65590 affects nopCommerce 4.90.0. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the Blog posts functionality in the Content Management area. The initial report does not provide exact vulnerable component details beyond the Blog posts feature; Red Hat and EUVD mir...
Welcome to the new Project Zero Blog
Posted by Natalie Silvanovich While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And...
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 React2Shell, a vulnerability in React…...
Stored Cross-site Scripting (XSS)
getformwork/formwork is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of input in the blog tag field, which allows an attacker to inject malicious scripts that execute in the browser of any authenticated user accessing or editing the affected blo...
Improper Access Control
com.liferay, com.liferay.blogs.item.selector.web is vulnerable to improper access control. The vulnerability is due to missing permission checks on blog entry images, which allows an attacker to access and view images via a crafted URL...
What Happens Inside PDFAid in Seconds: From Upload to Download
Disclosure: This article was submitted by PDFAid for publication...
CVE-2025-66516: Detecting and Defending Against Apache Tika XXE Attack
...
INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps
Cary, North Carolina, USA, 11th December 2025, CyberNewsWire...