ARD GEC en Ligne 安全漏洞

ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in ARD GEC en Ligne that stems from insufficient validation of transactionID parameter input validation and output encoding, which could lead to cross-site scripting attacks...

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability in the chatbot generation feature. The flaw resides in the prompt parameter sent to /dashboard/user/generator/generate-stream via a multipart/form-data POST, where insufficient input sanitization allows HTML/Jav...

CVE-2025-57205

Inilabs School Express (SMS Express) 6.2 is affected by a Stored XSS in content-management editors (POST /posts/edit/{id} and similar for Notices/Pages). The root cause is insufficient input sanitization and output encoding for editor parameters; payloads are saved and later rendered unsanitized,...

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...

CVE-2025-55887

CVE-2025-55887 describes a Cross-Site Scripting (XSS) vulnerability in the ARD meal reservation service. The issue is located in the transactionID GET parameter on the transaction confirmation page and is caused by improper input validation and output encoding. Exploitation could allow an attacke...

CVE-2025-57205

iNiLabs School Express SMS Express 6.2 is affected by a Stored Cross-Site Scripting XSS vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/id endpoint and similarly in Notice a...

PT-2025-39065

Name of the Vulnerable Software and Affected Versions ARD affected versions not specified Description A Cross-Site Scripting XSS issue exists in the meal reservation service. The vulnerability is located in the transactionID GET parameter on the transaction confirmation page. Insufficient input...

CVE-2025-46703

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:AtMentions allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-6544

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

CVE-2025-6544

CVE-2025-6544 affects h2oai/h2o-3 up to version 3.46.0.8. The issue is a deserialization vulnerability that enables an attacker to read arbitrary system files and execute arbitrary code. Root cause: improper handling of JDBC connection parameters, exploitable via bypassing regular expression chec...

CVE-2025-57880

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceWhoIsOnline allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-48007

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-48007

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-46703

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:AtMentions allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

OESA-2025-2305 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

OESA-2025-2304 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

OESA-2025-2303 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

OESA-2025-2302 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...