CVE-2025-52453

Server-Side Request Forgery SSRF vulnerability in Salesforce Tableau Server on Windows, Linux Flow Data Source modules allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...

CVE-2025-52453

Server-Side Request Forgery SSRF vulnerability in Salesforce Tableau Server on Windows, Linux Flow Data Source modules allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...

CVE-2025-52453

CVE-2025-52453 is a Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows and Linux, specifically in the Flow Data Source modules, that enables Resource Location Spoofing. Affected Tableau Server versions are before 2025.1.3, before 2024.2.12, and before 2023.3....

CVE-2025-38463

creationtimestamp| type| source ---|---|--- 2025-07-25 16:21:55+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lushfadzopr2...

Salesforce Tableau 安全漏洞

Salesforce Tableau is a data visualization and analytics platform from Salesforce, Inc. A security vulnerability exists in Salesforce Tableau versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19, which stems from insufficient validation of the Flow Data Source module and could...

DRUPAL-CONTRIB-2025-092

This module allows you to manage video media items using the COOKiES module disabling external video elements. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attributes to "src" when their value might...

CVE-2025-7656

creationtimestamp| type| source ---|---|--- 2025-07-16 12:17:24+00:00| seen| https://vulnerability.circl.lu/bundle/b205087a-783f-4a89-b594-104ef807c79c 2025-07-16 13:22:59+00:00| seen| https://t.me/truesecator/7238 2025-07-16 19:21:24+00:00| seen|...

CVE-2025-52988

creationtimestamp| type| source ---|---|--- 2025-07-11 16:20:52+00:00| seen| Telegram/G1BVFjjVwHoVhe8TZ-X1B5VzW6v5zvPrMvVXiBrcgvjc24...

CVE-2025-53006

DataEase before version 2.10.11 vulnerable due to improper handling of SSL-related JDBC connection parameters (sslfactory, sslfactoryarg, sslhostnameverifier, sslpasswordcallback, authenticationPluginClassName) which must be triggered after the connection is established. This affects PostgreSQL a...

CVE-2025-50695

creationtimestamp| type| source ---|---|--- 2025-06-24 16:47:36+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19379 2025-06-24 20:29:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsewrwzik22o...

CVE-2025-6569

creationtimestamp| type| source ---|---|--- 2025-06-24 15:47:06+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19363 2025-06-24 16:32:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsejjzceqq2r...

The vulnerability of the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX allows a perpetrator to elevate their privileges and execute arbitrary code.

The vulnerability of the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX lies in the use of an unreliable data source during the download of updates. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary cod...

Dmacroweb DM Corporative CMS 安全漏洞

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file /administer/selectionnode/framesSelection.a...

CVE-2025-0691

creationtimestamp| type| source ---|---|--- 2025-06-05 14:39:24+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqukdxealci2...

CVE-2025-5688

creationtimestamp| type| source ---|---|--- 2025-06-04 17:38:25+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114626311294944724 2025-06-04 17:47:09+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqseem5hgaa2 2025-06-06...

CVE-2025-5368

creationtimestamp| type| source ---|---|--- 2025-05-31 04:28:24+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqgvtfaz7f42 2025-05-31 08:12:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqhcfortmr2q...

CVE-2024-6055

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration fil...

CVE-2024-10602

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approvecenter/list/inputform/datapickerlink.php. The manipulation of the argument dataSrc leads to sql injection. The attack may be launched...

CVE-2024-11671

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching...

CVE-2022-41263

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...