15784 matches found
IntelliJ IDEA < 2025.2 Multiple Vulnerabilities (macOS)
The version of IntelliJ IDEA installed on the remote host is prior to 2025.2. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference. CVE-2025-57727 - In JetBrains...
CVE-2025-50891
The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. NOTE: a customer does not need to take any action to update locally installed software such as Adform Site Tracking 1.1...
Evolution Consulting HRmaster module Security Vulnerability
Evolution Consulting HRmaster module is a modular human resource management software from Evolution Consulting, Hungary. A security vulnerability exists in Evolution Consulting HRmaster module version v235, which originates from an HTML injection in the registration screen and may lead to phishin...
CVE-2025-51989
CVE-2025-51989 : HTML injection vulnerability in Evolution Consulting Kft. HRmaster module v235’s registration interface allows injecting HTML tags into the keresztnév (firstname) field, which can be included in emails and potentially enable phishing against unregistered addresses. Affected compo...
PT-2025-34291 · Unknown · Hrmaster Module
Name of the Vulnerable Software and Affected Versions: HRmaster module version 235. Description: An HTML injection flaw exists in the registration interface of the HRmaster module. An attacker can inject HTML tags into the keresztnév (firstname) field. This injected HTML is included in emails,...
CVE-2025-57730
In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature...
CVE-2025-57730
Summary: CVE-2025-57730 affects JetBrains IntelliJ IDEA prior to 2025.2, with an HTML injection vulnerability in the Remote Development feature. What’s affected: IntelliJ IDEA (before 2025.2); the issue is an HTML injection in the Remote Development workflow. Cause: underlying HTML injection vulne...
JetBrains IntelliJ IDEA Security Vulnerability
JetBrains IntelliJ IDEA is an integrated development environment (IDE) developed by JetBrains, designed to improve developer productivity and code quality, mainly for Java programming, but also supporting Kotlin, Web, Spring and other languages and frameworks. JetBrains IntelliJ IDEA suffers from...
Linux Distros Unpatched Vulnerability : CVE-2023-1932
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be...
GHSA-7RQQ-PRVP-X9JH Mermaid improperly sanitizes sequence diagram labels leading to XSS
Summary In the default configuration of mermaid 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS. Details Sequence diagram node labels with KaTeX delimiters are passed through calculateMathMLDimensions. This method pass...
CVE-2025-43744
A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...
Adform Site Tracking Cross-Site Scripting Vulnerability
Adform Site Tracking is a functional software for mobile user programs on websites and applications from Danish company Adform. A cross-site scripting vulnerability exists in Adform Site Tracking version 1.1 that originates from HTML injection or arbitrary code execution...
CVE-2025-54862
Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML code redirecting a user to a malicious webpage and stealing the user's cookie...
CVE-2025-54759 Santesoft Sante PACS Server Cross-site Scripting
Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML code redirecting a user to a malicious webpage and stealing the user's cookie...
CVE-2025-54759
CVE-2025-54759 affects Santesoft Sante PACS Server. The vulnerability is a stored cross-site scripting (XSS) in the Sante PACS Server Web Portal, allowing remote attackers to inject malicious HTML that can redirect victims to malicious pages and steal cookies. Connected sources corroborate the is...
SAP NetWeaver Application Server ABAP HTML Injection Vulnerability
SAP NetWeaver Application Server ABAP is an application server developed by SAP to run ABAP applications. An HTML injection vulnerability exists in SAP NetWeaver Application Server ABAP. An attacker could exploit this vulnerability to construct URLs containing malicious scripts that could be...