11156 matches found
EUVD-2025-38261
AstrBot has an arbitrary file read vulnerability in function encodeimagebs64...
CVE-2025-57697
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...
CVE-2025-57697
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...
CVE-2025-5770
A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...
CVE-2025-10853
A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
PT-2025-45473
Name of the Vulnerable Software and Affected Versions AstrBot Project version 3.5.22 Description The software contains an arbitrary file read issue in the encode image bs64 function. This function, defined in entities.py, opens an image specified by a user-controlled request body and returns its...
PT-2025-45503
Name of the Vulnerable Software and Affected Versions TechStore version 1.0 Description TechStore version 1.0 is susceptible to Cross Site Scripting XSS. The issue occurs in the /search results API endpoint through the q parameter. An attacker could potentially inject malicious scripts into the w...
CVE-2025-57697
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...
PT-2025-45497
Name of the Vulnerable Software and Affected Versions Sourcecodester Medicine Reminder App version 1.0 Description The application is susceptible to Cross-Site Scripting XSS. An attacker can inject potentially malicious HTML/JavaScript code into the "Medicine Name" and "Notes Optional" fields whe...
BIT-GOLANG-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...
CLSA-2025-1762420153 delve: Fix of CVE-2024-34156
rebuild with newer golang to fix CVE-2024-34156 stack exhaustion in encoding/gob when decoding deeply nested structures...
CVE-2025-10853
A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
CVE-2025-10853
A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
CVE-2025-10853
Summary: CVE-2025-10853 is a reflected XSS vulnerability in the management console of multiple WSO2 products caused by improper output encoding. The issue allows a malicious actor to tamper with specific parameters to inject arbitrary JavaScript into responses, potentially leading to UI manipulat...
CVE-2025-10853 Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding
A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
CVE-2025-10853 Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding
A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
EUVD-2025-37927
A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
EUVD-2025-37921
A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...
CVE-2025-5770 Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products
A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...
GO-2025-3988 Insufficient address encoding when passing mail addresses to the SMTP client in github.com/wneessen/go-mail
Insufficient address encoding when passing mail addresses to the SMTP client in github.com/wneessen/go-mail...