36084 matches found
GHSA-FF6V-W58F-V97W XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right
Impact When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as whi...
CVE-2025-49587
XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...
CVE-2025-49587 XWiki does not require right warnings for notification displayer objects
XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...
CVE-2025-49587
Summary (CVE-2025-49587): XWiki Platform is vulnerable to reflected XSS when a user without script rights creates a document containing an XWiki.Notifications.Code.NotificationDisplayerClass object, and an admin later edits and saves the document. The potentially malicious object content is outp...
CVE-2025-49583 XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right
XWiki is a generic wiki platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can ...
CVE-2025-49189
creationtimestamp | type | source
---|---|---
2025-06-13 06:36:17+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/18261...
CVE-2025-6009 kiCode111 like-girl ipAddPost.php SQL injection
A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to SQL injection. The attack may be launched remotely. The exploit has been...
The vulnerability of the notification module of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus allows a perpetrator to execute arbitrary code.
The vulnerability of the notification module of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
CVE-2025-479538
creationtimestamp | type | source
---|---|---
2025-06-10 16:45:25+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2025-0189...
security-research
Security Research This project hosts security advisories and...
Fedora 42 : mingw-libsoup (2025-c04e5b95f1)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c04e5b95f1 advisory. Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-46420, CVE-2025-46421, CVE-2025-4945 Tenable has extracted the preceding...
PT-2025-24350 · Undefined · Undefined
CVE-2025-5223 Rejected reason https://t.co/hNak88ikhK Vulnerability Notification: https://t.co/xhLrNnfyrO...
PT-2025-24351 · Undefined · Undefined
CVE-2025-5242 Rejected reason https://t.co/7tJJDZLcUi Vulnerability Notification: https://t.co/xhLrNnfyrO...
WordPress Broadly for WordPress plugin <= 3.0.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Broadly for WordPress versions <= 3.0.2...
GHSA-F82J-8PP7-CW2W
creationtimestamp | type | source
---|---|---
2025-06-02 16:45:31+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114614778635202833
2025-06-02 17:01:55+00:00 | published-proof-of-concept | Telegram/evyU1N0NEzlqWkLQZaMrYM3OKb94J6CqLDhasOVakxq7P0...
CVE-2025-48472
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe wa...
CVE-2025-48472 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...