11240 matches found

CVE
added 2025/09/19 1:10 p.m., 14 views

CVE-2025-57880

The CVE-2025-57880 entry concerns an XSS vulnerability in Hallo Welt! GmbH BlueSpice, specifically the BlueSpiceWhoIsOnline extension. Affected are BlueSpice versions 5 through 5.1.1 where improper encoding/escaping of output may allow script execution. The root cause is an output encoding flaw ...

CVSS 5.9 | AI score 6 | EPSS 0.00041
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2025/09/19 1:10 p.m., 6 views

CVE-2025-57880 Potential XSS in Extension:BlueSpiceWhoIsOnline

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceWhoIsOnline allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1...

CVSS 5.9 | EPSS 0.00041
Exploits 0 | References 1
CVE
added 2025/09/19 1:09 p.m., 12 views

CVE-2025-48007

CVE-2025-48007 affects Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) with versions 5 through 5.1.1. The issue is an improper encoding or escaping of output that enables Cross-Site Scripting (XSS). The connected sources consistently describe the vulnerability as an XSS in BlueSpice 5–5.1...

CVSS 6.4 | AI score 6 | EPSS 0.00055
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2025/09/19 1:09 p.m., 5 views

CVE-2025-48007 Potential XSS in Extension:BlueSpiceAvatars

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1...

CVSS 5.9 | EPSS 0.00055
Exploits 0 | References 1
Positive Technologies
added 2025/09/19 12:00 a.m., 6 views

PT-2025-38624

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

AI score 5.5 | EPSS 0.00055
Exploits 0 | References 4
Positive Technologies
added 2025/09/19 12:00 a.m., 4 views

PT-2025-38533

Name of the Vulnerable Software and Affected Versions: BlueSpice versions 5 through 5.1.1. Description: An improper encoding or escaping of output issue exists in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars that allows for Cross-Site Scripting (XSS). Recommendations: Update BlueSpice to a...

CVSS 6.4 | AI score 6 | EPSS 0.00055
Exploits 0 | References 4
CNNVD
added 2025/09/19 12:00 a.m., 2 views

BlueSpice security vulnerability

BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A security vulnerability exists in BlueSpice versions 5 through 5.1.1, which stems from improper output encoding or escaping and could lead to cross-site scripting attacks...

CVSS 5.9 | AI score 6.1 | EPSS 0.00041
Exploits 0 | References 1
CNNVD
added 2025/09/19 12:00 a.m., 2 views

BlueSpice security vulnerability

BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A security vulnerability exists in BlueSpice versions 5 through 5.1.1, which stems from improper output encoding or escaping and could lead to cross-site scripting attacks...

CVSS 6.4 | AI score 6 | EPSS 0.00055
Exploits 0 | References 1
CNNVD
added 2025/09/19 12:00 a.m., 3 views

BlueSpice security vulnerability

BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A security vulnerability exists in BlueSpice versions 5 through 5.1.1, which stems from improper output encoding or escaping and could lead to cross-site scripting attacks...

CVSS 6.4 | AI score 6 | EPSS 0.00055
Exploits 0 | References 1
Positive Technologies
added 2025/09/19 12:00 a.m., 2 views

PT-2025-38532

Name of the Vulnerable Software and Affected Versions: BlueSpice versions 5 through 5.1.1. Description: An improper encoding or escaping of output issue exists in the AtMentions extension of BlueSpice, which can lead to Cross-Site Scripting (XSS). Recommendations: Update BlueSpice to a version later th...

CVSS 6.4 | AI score 6 | EPSS 0.00055
Exploits 0 | References 4
Positive Technologies
added 2025/09/19 12:00 a.m., 2 views

PT-2025-38621

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.0 through 1.7.0. Description: A flaw exists in Apache Linkis when utilizing the JDBC engine and data source functionality. Multiple rounds of URL encoding applied to the URL parameter configured on the frontend can...

CVSS 7.5 | AI score 5.3 | EPSS 0.00158
Exploits 0 | References 10
IBM Security Bulletins
added 2025/09/18 2:54 p.m., 4 views

Security Bulletin: Buffer Over-read in PostgreSQL GB18030 Encoding Validation Leading to Potential DoS, affects watsonx.data

Summary: Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9,...

CVSS 5.9 | AI score 5.9 | EPSS 0.00326
Exploits 0 | Affected Software 1
Positive Technologies
added 2025/09/18 12:00 a.m., 3 views

PT-2025-38304

Name of the Vulnerable Software and Affected Versions: Paraşüt Software Bizmu versions 2.27.0 through 20250212. Description: This issue allows for Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. Recommendations: Paraşüt Software Bizmu versions 2.27.0 throu...

CVSS 4.7 | AI score 6.1 | EPSS 0.00064
Exploits 0 | References 5
ATTACKERKB
added 2025/09/16 2:00 p.m., 4 views

CVE-2025-8276

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies HumanSuite allows...

CVSS 9.8 | AI score 5.4 | EPSS 0.00052
Exploits 0 | References 3
Positive Technologies
added 2025/09/16 12:00 a.m., 6 views

PT-2025-37992

Name of the Vulnerable Software and Affected Versions: HumanSuite versions prior to 53.21.0. Description: HumanSuite is susceptible to multiple issues including improper encoding or escaping of output, improper neutralization of special elements in output used by a downstream component (injection),...

CVSS 9.8 | AI score 5.6 | EPSS 0.00052
Exploits 0 | References 9
OSV
added 2025/09/15 3:15 p.m., 1 views

UBUNTU-CVE-2023-53241

In the Linux kernel, the following vulnerability has been resolved: nfsd: call op_release, even when op_func returns an error. For ops with "trivial" replies, nfsd4_encode_operation will shortcut most of the encoding work and skip to just marshalling up the status. One of the things it skips is callin...

CVSS 5.5 | AI score 5.7 | EPSS 0.00023
Exploits 0 | References 8
Gitee
added 2025/09/14 6:09 p.m., 89 views

pentestdb

This is a repository of penetration testing tools and resources, specifically designed for web application security testing. The repository is called "pentestdb" and is maintained by a user named "alpha1e0". The repository contains a variety of tools and resources, including: 1. Exploit systems: ...

AI score 7
Exploits 0
Gitee
added 2025/09/14 5:56 p.m., 87 views

p0wnedShell

This is an offensive PowerShell host application written in C# that runs PowerShell commands and functions within a PowerShell runspace environment. It includes various offensive PowerShell modules and binaries to facilitate post-exploitation activities, such as bypassing mitigations and creating...

AI score 7.1
Exploits 0
RedhatCVE
added 2025/09/14 1:33 p.m., 5 views

CVE-2025-59139

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

CVSS 5.3 | AI score 6.6 | EPSS 0.00044
Exploits 0 | References 1
OSV
added 2025/09/12 9:12 p.m., 3 views

GHSA-92VJ-G62V-JQHH Hono has Body Limit Middleware Bypass

Summary: A flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. Details: The middleware previously prioritized the Content-Length header even when a Transfer-Encoding: chunked header was also included. According to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00044
Exploits 0 | References 4