Lucene search

11240 matches found

OSV
added 2025/09/23 5:42 p.m., 2 views

CVE-2025-59821 DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...

6.5 CVSS | 6.4 AI score | 0.00047 EPSS
Exploits: 0 | References: 3

Github Security Blog
added 2025/09/23 5:37 p.m., 6 views

Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section

Summary: http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to: bypass front-end servers security controls; launch targeted attacks against active users; poison web caches. Pre-requisites for the exploitatio...

7.5 CVSS | 7.2 AI score | 0.00108 EPSS
Exploits: 1 | References: 4 | Affected Software: 3

CVE
added 2025/09/23 5:13 p.m., 21 views

CVE-2025-0209

CVE-2025-0209 describes a reflected cross-site scripting (XSS) vulnerability in the account registration flow of WSO2 Identity Server caused by improper output encoding. The issue allows an attacker to inject a crafted payload that is reflected in the server response, leading to potential executi...

6.1 CVSS | 5.4 AI score | 0.00074 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/09/23 5:13 p.m., 8 views

CVE-2025-0209 Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server Account Registration Flow

A reflected cross-site scripting (XSS) vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...

6.1 CVSS | 0.00074 EPSS
Exploits: 0 | References: 1

OSV
added 2025/09/23 3:9 p.m., 3 views

GHSA-JC4G-C8WW-5738 DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile

Summary: A reflected cross-site scripting (XSS) vulnerability exists under certain conditions, using a specially crafted URL to view a user profile. Description: DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to th...

6.5 CVSS | 5.8 AI score | 0.00047 EPSS
Exploits: 0 | References: 3

OSV
added 2025/09/23 2:30 p.m., 1 view

SUSE-SU-2025:03309-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.3 (bsc#1249391). Security issues fixed: - MFSA 2025-78 CVE-2025-10527: sandbox escape due to use-after-free in the Graphics: Canvas2D component. CVE-2025-10528: sandbox escape due to undefined behavior,...

8.8 CVSS | 5.8 AI score | 0.00151 EPSS
Exploits: 0 | References: 9

RedhatCVE
added 2025/09/23 9:30 a.m., 10 views

CVE-2025-6544

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8 CVSS | 7.3 AI score | 0.00796 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/09/23 12:0 a.m., 1 view

WSO2 Identity Server Security Vulnerability

WSO2 Identity Server (IS) is an identity server from the US-based WSO2 Inc. A security vulnerability exists in WSO2 Identity Server (IS) that stems from improperly encoded output and could lead to a reflective cross-site scripting attack...

6.1 CVSS | 6 AI score | 0.00074 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/23 12:0 a.m., 4 views

PT-2025-39193

Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions prior to 10.1.0. Description: DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. The application does not...

6.5 CVSS | 5.9 AI score | 0.00047 EPSS
Exploits: 0 | References: 8

Packet Storm News
added 2025/09/23 12:0 a.m., 8 views

Towards Adapting Federated and Quantum Machine Learning for Network Intrusion Detection: a Survey

This survey explores the integration of Federated Learning (FL) with Network Intrusion Detection Systems (NIDS), with particular emphasis on deep learning and quantum machine learning approaches. FL enables collaborative model training across distributed devices while preserving data privacy-a critic...

6.8 AI score
Exploits: 0

Positive Technologies
added 2025/09/23 12:0 a.m., 2 views

PT-2025-39183

Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server (affected versions not specified). Description: A reflected cross-site scripting (XSS) issue exists in the account registration process. This is due to improper output encoding, allowing a malicious actor to inject a crafted...

6.1 CVSS | 5.6 AI score | 0.00074 EPSS
Exploits: 0 | References: 6

SUSE CVE
added 2025/09/22 11:29 p.m., 1 view

SUSE CVE-2025-7345

A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

7.8 CVSS | 8.1 AI score | 0.00938 EPSS
Exploits: 0 | References: 14

NVD
added 2025/09/22 8:15 p.m., 2 views

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...

4.8 CVSS | 0.00073 EPSS
Exploits: 1 | References: 1

NVD
added 2025/09/22 7:15 p.m., 2 views

CVE-2025-55887

A Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...

6.1 CVSS | 0.00077 EPSS
Exploits: 1 | References: 4

Github Security Blog
added 2025/09/22 6:30 p.m., 6 views

H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8 CVSS | 7.3 AI score | 0.00796 EPSS
Exploits: 1 | References: 4 | Affected Software: 2

OSV
added 2025/09/22 6:30 p.m., 2 views

GHSA-5W3J-GWGH-4RFV H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8 CVSS | 6.1 AI score | 0.00796 EPSS
Exploits: 1 | References: 4

NVD
added 2025/09/22 6:15 p.m., 4 views

CVE-2025-55888

A Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution i...

7.3 CVSS | 0.00301 EPSS
Exploits: 1 | References: 4

OSV
added 2025/09/22 2:10 p.m., 1 view

SUSE-SU-2025:03294-1 Security update for wireshark

This update for wireshark fixes the following issues: Update to version 4.2.13. Security issues fixed: - CVE-2025-9817: SSH dissector crash due to NULL pointer dereference when processing malformed packet traces (bsc#1249090). Non-security issues fixed: - Bug in UDS dissector with Service...

7.8 CVSS | 5.8 AI score | 0.00031 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2025/09/22 12:0 a.m., 2 views

CVE-2025-55887

A Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...

5.6 AI score | 0.00077 EPSS
Exploits: 1 | References: 4

Positive Technologies
added 2025/09/22 12:0 a.m., 3 views

PT-2025-39066

Name of the Vulnerable Software and Affected Versions: MagicProject AI version 9.1. Description: MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) issue within the chatbot generation feature accessible to authenticated admin users. The issue is located in the prompt parameter...

4.8 CVSS | 6.2 AI score | 0.00073 EPSS
Exploits: 1 | References: 7