CVE-2025-2292

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...

CVE-2025-3004 Sayski ForestBlog search cross site scripting

A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The explo...

CVE-2025-3004 Sayski ForestBlog search cross site scripting

A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The explo...

CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...

CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...

Remote Utilities Installed (Linux)

Binary data remoteutilitiesnixinstalled.nbin...

PT-2025-13859 · Drupal · Drupal Profile Private

Name of the Vulnerable Software and Affected Versions: Drupal Profile Private version . Description: The issue affects the private profile functionality. Recommendations: For version ., consider updating to a newer version that addresses this issue, if available. At the moment, there is no...

GHSA-8FM5-GG2F-F66Q Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction

Summary A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. Details A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. T...

CVE-2024-39311

Publify CVE-2024-39311 is a publicly documented XSS vulnerability in older Publify Rails apps. Before Publify 10.0.1 (and before publify_core 10.0.2), a publisher could trigger an administrator XSS via the redirect feature, requiring the admin to click a malicious link. Impact described includes ...

CVE-2024-39311 Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction

Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the publifycore rubygem, publisher on a publify application is able to perform a cross-site scripting XSS attack on an administrator using the redirect...

CVE-2022-49744 mm/uffd: fix pte marker when fork() without fork event

In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin error markers...

CVE-2023-52941

CVE-2023-52941 affects the Linux kernel can:isotp subsystem. The bug arose from the tx timer handling for isotp PDUs, where the timer served two roles: sending two consecutive frames with a gap and monitoring timeouts for flow control and echo frames. This caused more complex txstate checks and e...

CVE-2025-30362 WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter id

WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting XSS vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious cod...

CVE-2025-30821 WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu h5pxapikatchu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through = 0.4.14...

CVE-2025-2562

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from...

CVE-2025-2562

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from...

Path Traversal

agentscope is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the save-workflow and load-workflow functionality, allowing an attacker to read and write arbitrary JSON files on the filesystem...

GO-2025-3542 LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality in github.com/mudler/LocalAI

LocalAI Cross-Site Scripting XSS vulnerability in its search functionality in github.com/mudler/LocalAI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVE-2024-45482

CVE-2024-45482 concerns the B&R APROL product. The SSH server in APROL versions prior to 4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands due to an Inclusion of Functionality from an Untrusted Control Sphere vulnerability. Affected prod...

Dolphin Pro 7.4.2 Cross Site Scripting

Dolphin Pro version 7.4.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS via Send Message Functionality - dolphin.prov7.4.2 Date: 03/2025 Exploit Author: Andrey Stoykov Version: 7.4.2 Date: 03/2025 Tested on: Debian 12 Blog:...