1276 matches found
AZL-60450 CVE-2025-22872 affecting package keda for versions less than 2.14.1-7
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
DEBIAN-CVE-2025-22872
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-61750 CVE-2025-22872 affecting package yq 4.45.1-1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60523 CVE-2025-22872 affecting package sriov-network-device-plugin for versions less than 3.7.0-4
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60545 CVE-2025-22872 affecting package cf-cli for versions less than 8.7.11-3
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
WordPress plugin MapSVG Lite cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...
The vulnerability of the stripTags component and unescapeHTML in the DOM and AJAX Prototype framework allows a hacker to cause a service failure.
The vulnerability of the stripTags and unescapeHTML components in the DOM and AJAX Prototype framework is related to insufficient processing of regular expressions. Exploiting this vulnerability can allow an attacker to cause service failures...
WordPress plugin Showeblogin Social cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-14199 · Unknown · Blockwheels
Name of the Vulnerable Software and Affected Versions: BlockWheels versions 1.0.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker can inject...
WordPress plugin Trackserver cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-30903
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Mills SyntaxHighlighter Evolved syntaxhighlighter allows DOM-Based XSS. This issue affects SyntaxHighlighter Evolved: from n/a through = 3.7.1...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search functionality. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into user inputs. This can lead to unauthorized actions such as stealing session cookies, redirectin...
UBUNTU-CVE-2025-1219
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting an HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
Linux Distros Unpatched Vulnerability : CVE-2021-26291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Maven will follow repositories that are defined in a dependency's Project Object Model pom which may be surprising to some users, resulting in potential...
USN-7309-1 Ruby SAML vulnerabilities
It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated attacker could use this vulnerability to log in as an arbitrary user. This issue only affected Ubuntu 16.04 LTS. CVE-2016-5697 It was discovered that Ruby SAML incorrectly utilized the results of XML DOM...
The vulnerability of the Microsoft COM component in the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Microsoft COM component in the Windows operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
BeyondTrust Endpoint Privilege Management for Windows security vulnerability
BeyondTrust Endpoint Privilege Management for Windows is a complete endpoint privilege management solution from BeyondTrust USA. A security vulnerability exists in BeyondTrust Endpoint Privilege Management for Windows prior to version 25.2 that originates from a local authentication attacker who...
The vulnerability of the Microsoft COM Server component of the Windows operating system, which allows a hacker to disclose protected information
The vulnerability of the Microsoft COM Server component of the Windows operating system is related to the use of an uninitialized resource. Exploiting this vulnerability could allow an attacker to disclose sensitive information that is protected by security measures...
PT-2025-7833 · Woocommerce · Autoship Cloud For Woocommerce Subscription Products
Name of the Vulnerable Software and Affected Versions: Autoship Cloud for WooCommerce Subscription Products versions 2.8.0.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability...
PT-2025-7809 · Copyparty · Copyparty
Name of the Vulnerable Software and Affected Versions: copyparty versions prior to 1.16.15 Description: The issue is a DOM-based cross-site scripting vulnerability. It can be triggered by handing someone a maliciously-named file and then tricking them into dragging the file into copyparty's Web-U...