CVE-2025-53363

Summary: Dpanel (Go) versions 1.2.0–1.7.2 are affected by an arbitrary file read vulnerability in /api/app/compose/get-from-uri. The GetFromUri function passes the user-provided uri directly to os.ReadFile, enabling an authenticated user to read arbitrary files on the host and disclose sensitive ...

PT-2022-25821 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite version 8.8.15 Description: The issue concerns a Reflected XSS vulnerability. It is related to the URL at "/h/compose" which accepts an attachUrl parameter. This allows for the execution of arbitrary JavaScript on t...