1037 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-50012
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in setupfeaturekeys is too late because static keys may be used in...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the getLanguage and getClassTypeFields functions used by the Asset Publisher configuration UI. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious inp...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the getLanguage and getClassTypeFields functions used by the Asset Publisher configuration UI. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious inp...
GHSA-M49P-6CJP-X2H3 Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels
A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...
Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels
A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...
Cross-site Scripting (XSS)
Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the calculateMathMLDimensions function, which was introduced in 5c69e5f. An attacker can execute...
CVE-2025-43744
A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...
CVE-2025-43744
A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...
CVE-2025-54881 Mermaid improperly sanitizes of sequence diagram labels leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...
CVE-2025-54881 Mermaid improperly sanitizes of sequence diagram labels leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...
CVE-2025-54881
Technical details about CVE-2025-54881 are not publicly available in the provided connected documents. Monitor for updates.
PT-2025-33816
Name of the Vulnerable Software and Affected Versions: Mermaid versions 10.9.0-rc.1 through 11.9.0 Description: Mermaid is a JavaScript-based diagramming and charting tool that utilizes Markdown-inspired text definitions and a renderer to create and modify diagrams. In the default configuration,...
PT-2025-33857 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.19 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...
RMSL: Weakly-Supervised Insider Threat Detection with Robust Multi-Sphere Learning
Insider threat detection aims to identify malicious user behavior by analyzing logs that record user interactions. Due to the lack of fine-grained behavior-level annotations, detecting specific behavior-level anomalies within user behavior sequences is challenging. Unsupervised methods face high...
Linux Distros Unpatched Vulnerability : CVE-2025-38072
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libnvdimm/labels: Fix divide error in ndlabeldatainit If a faulty CXL memory device returns a broken zero LSA size in its memory device information Identify...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tooltip in the chart visualization. An attacker can execute arbitrary scripts in the context of a victim's browser by injecting a malicious payload into a column's label, which is then rendered without...
CVE-2025-55672
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
CVE-2025-55672
Summary: Apache Superset has a stored XSS in the chart visualization. An authenticated user with chart-edit permissions can inject a payload into a column label, which is executed in victims’ browsers on hover. This affects versions before 5.0.0 and can lead to session hijacking or arbitrary comm...
CVE-2025-55672 Apache Superset: Stored XSS on charts metadata
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
PT-2025-33271 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 5.0.0 Description: A stored Cross-Site Scripting XSS issue exists in the chart visualization feature. An authenticated user with chart editing permissions can inject a malicious payload into a column's label...