CVE-2026-8811

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...

CVE-2025-65640

Cross Site Scripting XSS vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript cod...

CVE-2025-65640

Cross Site Scripting XSS vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript cod...

PT-2026-46312

Name of the Vulnerable Software and Affected Versions Arket Globe Document Intelligence version 5.0.0.559 Description Cross Site Scripting XSS occurs in the "Task in Progress / Recent" page due to improper sanitization of user input in text fields during the creation of a new document. An...

CVE-2025-65640

Cross Site Scripting XSS vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript cod...

Arket Globe Document Intelligence 安全漏洞

Arket Globe Document Intelligence is an enterprise document intelligence management platform developed by the Italian company Arket. Version 5.0.0.559 of Arket Globe Document Intelligence contains a security vulnerability. This vulnerability arises from improper handling of user input in text...

XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

Impact POST /wikis/wikiName executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki Patches This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...

XWiki Platform 安全漏洞

The XWiki Platform is an open-source wiki platform used for creating web collaboration applications. Vulnerabilities exist in versions of the XWiki Platform prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17. These vulnerabilities stem from the POST /wikis/wikiName API not performing...

CVE-2026-33301

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...

EUVD-2025-8081

Malicious code in bioql PyPI...

CVE-2025-44643

creationtimestamp| type| source ---|---|--- 2025-08-04 17:28:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvlprd5g3s2c...

GHSA-334P-WV2M-W3VP

creationtimestamp| type| source ---|---|--- 2025-07-16 07:00:17+00:00| seen| https://gist.github.com/safer-bot/26a09b8c51878f5ec9a6e89f5b7d58cb...

GHSA-RCJJ-H6GH-JF3R

creationtimestamp| type| source ---|---|--- 2025-07-16 06:55:31+00:00| seen| https://gist.github.com/safer-bot/d9797f0aff4e030dd91427990bb06340 2025-07-16 19:02:07+00:00| seen| https://gist.github.com/safer-bot/a2afbfbe4d7c899c99feb8c00f281456...

CVE-2025-7620

CVE-2025-7620 concerns Digitware System Integration Corporation's cross-browser document creation component. The vulnerability allows remote code execution when a user visits a malicious site while the component is active, enabling download and execution of arbitrary programs on the system. Publi...

PT-2025-29416 · Digitware System Integration · Digitware System Integration Corporation Cross-Browser Document Creation

Name of the Vulnerable Software and Affected Versions: Digitware System Integration Corporation cross-browser document creation component affected versions not specified Description: The cross-browser document creation component developed by Digitware System Integration Corporation has a Remote...

DSIC Cross-browser Components for Official Document Creation 安全漏洞

DSIC Cross-browser Components for Official Document Creation is a browser plug-in from Dewei DSIC Corporation of Taiwan, China. A security vulnerability exists in DSIC Cross-browser Components for Official Document Creation that originates from remote code execution and could lead to the download...

GHSA-9VFW-WX65-C872

creationtimestamp| type| source ---|---|--- 2025-07-07 19:47:32+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114813675213683577...

GHSA-6G6M-M6H5-W9GF

creationtimestamp| type| source ---|---|--- 2025-06-06 23:11:11+00:00| seen| https://gist.github.com/zhenthebuilder/796766496fd40b2efb4ad88864ee96cb...

CVE-2024-28956

creationtimestamp| type| source ---|---|--- 2025-05-12 15:18:15+00:00| seen| https://seclists.org/oss-sec/2025/q2/121 2025-05-12 17:32:53+00:00| seen| https://bsky.app/profile/gcpweekly.bsky.social/post/3loyiuejv6m2d 2025-05-12 18:02:37+00:00| seen|...

CVE-2025-3245

creationtimestamp| type| source ---|---|--- 2025-04-04 12:36:48+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10436 2025-04-04 13:07:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3llyicilhad2u 2025-04-04 16:20:54+00:00| seen|...