CVE-2024-12543

OpenText Content Management 24.3–25.1 on Windows and Linux is affected by CVE-2024-12543, a user-enumeration and data-integrity issue in the barcode functionality that could allow a malicious authenticated attacker to alter barcode attributes. Affected component is the barcode handling path; root...

CVE-2024-12543 A user enumeration and subsequent data integrity vulnerability affecting barcode functionality

User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes...

CVE-2024-12863 Stored XSS in Discussions functionality

Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system...

[SECURITY] Fedora 40 Update: rust-cookie_store-0.21.1-1.fc40

Implementation of Cookie storage and retrieval...

PT-2025-17442 · Opentext · Opentext Content Management

Name of the Vulnerable Software and Affected Versions: OpenText Content Management versions 24.3 through 25.1 Description: The issue concerns User Enumeration and Data Integrity in the Barcode functionality, allowing a malicious authenticated attacker to potentially alter barcode attributes...

OpenText Content Management 安全漏洞

OpenText Content Management is an enterprise content management software from OpenText Canada. A security vulnerability exists in OpenText Content Management versions 24.3 through 25.1, which stems from a user enumeration and data integrity issue in the barcode functionality, which could lead to ...

CVE-2025-3824 SourceCodester Web-based Pharmacy Product Management System add-product.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproductname leads to cross site scripting. T...

CVE-2025-32796

Dify (open‑source LLM app platform) prior to version 0.6.12 is affected by an access control flaw where normal users can enable/disable apps via the API despite UI restrictions. The root cause is an insufficiently enforced permissions model, allowing non‑admin changes that can disrupt app functio...

CVE-2025-3788 baseweb JSite save cross site scripting

A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has...

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

CVE-2025-3113

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal...

CVE-2025-31338

A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality...

CVE-2025-31338 Wisdom Master Pro - Missing Authorization

A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality...

CVE-2025-31338

Wisdom Master Pro (versions 5.0–5.2) exposes a missing authorization vulnerability in the retrieve teacher Information API, allowing remote attackers to read partial user data. Affected component is the retrieve teacher Information function; root cause is lack of authorization checks, as describe...

From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities

Introduction In today’s digital era, security breaches can occur in the blink of an eye. Telegram Desktop is renowned for its secure, user-friendly messaging interface, but what if the data used to provide seamless experience could also be your greatest problem? Our investigation into three...

CVE-2025-3692

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=saveproduct. The manipulation leads to cross site scripting. The attack can be launched...

CVE-2025-22105

CVE-2025-22105 affects the Linux kernel bonding driver. When an XDP program is attached to a bonded interface, changing the bond mode may trigger a warning inside bond_xdp_set. The fix adds a check for the presence of an XDP program when setting bond mode, since some modes (e.g., balance-rr with ...

CVE-2025-39513

Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND activedemand allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ActiveDEMAND: from n/a through = 0.2.46...

HTML Injection

pimcore/admin-ui-classic-bundle is vulnerable to HTML injection. The vulnerability is due to insufficient sanitization of the content parameter in the email sending functionality, allowing arbitrary HTML code to be injected into emails...

CVE-2025-3680

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component LANG Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to...