6712 matches found

Cvelist
added 2025/09/09 9:31 a.m. · 6 views

CVE-2025-48208 Apache HertzBeat (incubating): Jmx JNDI injection vulnerability

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. The attacker needs an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary...

EPSS 0.00589 · Exploits: 0 · References: 1
Vulnrichment
added 2025/09/09 9:31 a.m. · 1 view

CVE-2025-48208 Apache HertzBeat (incubating): Jmx JNDI injection vulnerability

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. The attacker needs an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary...

AI score 6.3 · EPSS 0.00589 · Exploits: 0 · References: 1
CNNVD
added 2025/09/09 12:00 a.m. · 2 views

SAP Supplier Relationship Management cross-site scripting vulnerability

SAP Supplier Relationship Management (SRM) is a supplier relationship management solution from SAP. The product automates purchasing and procurement processes within an organization and between it and its suppliers, and provides functions such as invoicing. A cross-site scripting vulnerability exists in SAP...

CVSS 6.1 · AI score 5.9 · EPSS 0.00242 · Exploits: 0 · References: 2
Positive Technologies
added 2025/09/09 12:00 a.m. · 3 views

PT-2025-36720

Affected software and versions: Apache HertzBeat versions through 1.7.2
Description: This issue involves an improper neutralization of special elements used in an LDAP query, specifically an LDAP injection flaw, in Apache HertzBeat. An attacker requires an authenticated...

CVSS 8.8 · AI score 6.7 · EPSS 0.00589 · Exploits: 0 · References: 6
CNNVD
added 2025/09/08 12:00 a.m. · 2 views

LinkAce cross-site scripting vulnerability

LinkAce, by the independent developer Kevin Woblick, is a self-hosted archive of links to your favorite websites. A stored cross-site scripting vulnerability exists in LinkAce versions prior to 2.1.9 that could lead to arbitrary script execution...

CVSS 8.4 · AI score 6 · EPSS 0.00249 · Exploits: 1 · References: 3
RedhatCVE
added 2025/09/05 3:29 a.m. · 8 views

CVE-2025-58351

Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which provides local file system storage as an optional file storage strategy. This feature allowed a CSP bypass as well as a Content-Type bypass that...

CVSS 6.8 · AI score 6.8 · EPSS 0.00353 · Exploits: 0 · References: 1
CNVD
added 2025/09/05 12:00 a.m. · 5 views

Apache DolphinScheduler Code Execution Vulnerability

Apache DolphinScheduler is a modern data scheduling platform from the Apache Software Foundation. A code execution vulnerability exists in Apache DolphinScheduler versions prior to 3.2.2 due to improper input validation. An attacker can exploit this vulnerability to execute arbitrary shell scripts on...

CVSS 8.8 · AI score 8 · EPSS 0.00461 · Exploits: 0 · References: 1
Cvelist
added 2025/09/04 7:43 p.m. · 8 views

CVE-2025-58361 Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...

CVSS 9.3 · EPSS 0.00264 · Exploits: 0 · References: 1
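The flaw class this entry describes, a URL check that strips one scheme prefix instead of allowlisting schemes, is easy to reproduce. The block below is an added example; it is not Promptcraft Forge Studio's code and is not taken from src/utils/validation.ts. weakSanitizeUrl is a hypothetical check that removes only the literal, lowercase javascript: prefix; safeUrl is the allowlist alternative, which runs the string through the WHATWG URL parser and accepts only an explicit set of schemes. The probe URLs are constructed for the example. safeUrl accepts absolute URLs only; relative links would need a trusted base passed to the parser.

```javascript
// Added example (not the project's code): an incomplete URL scheme check
// beside an allowlist check. All inputs below are constructed probes.

// Weak check, modelled on the flaw class in the advisory: a single
// case-sensitive prefix is stripped and everything else passes through.
function weakSanitizeUrl(url) {
  return url.replace(/^javascript:/, "");
}

// Hardened check: parse with the WHATWG URL parser and allow only a small
// set of schemes. Unparsable input or any other scheme is rejected (null).
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

function safeUrl(url) {
  let parsed;
  try {
    parsed = new URL(url); // throws on relative or malformed input
  } catch {
    return null;
  }
  // parsed.protocol is normalised to lowercase, so case tricks cannot slip by
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Constructed probe URLs covering the bypasses a prefix strip misses.
const PROBES = [
  "javascript:alert(1)",                          // the one case the weak check handles
  "JavaScript:alert(1)",                          // case variant
  "javascript:javascript:alert(1)",               // doubled prefix
  "data:image/svg+xml,<svg%20onload=alert(1)/>",  // SVG with a script handler via data:
  "vbscript:msgbox(1)",                           // another active scheme
  "https://example.com/doc",                      // the only benign probe
];

// Runs both checks over the probes so the difference is visible side by side.
function compareChecks(urls = PROBES) {
  return urls.map((u) => ({ url: u, weak: weakSanitizeUrl(u), safe: safeUrl(u) }));
}

for (const row of compareChecks()) {
  console.log(JSON.stringify(row));
}
```

The weak check leaves the case variant, the doubled prefix and the data: URL carrying an SVG with an onload handler untouched, which is the XSS-via-SVG vector the title names; the parser-based check rejects all of them because it decides on the normalised scheme rather than on a string pattern.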
OSV
added 2025/09/03 6:15 p.m. · 2 views

CVE-2025-20330

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the...

CVSS 6.1 · AI score 6 · Exploits: 0 · References: 1
Cvelist
added 2025/09/03 5:40 p.m. · 11 views

CVE-2025-20330 Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the...

CVSS 6.1 · EPSS 0.00236 · Exploits: 0 · References: 1
OSV
added 2025/09/03 9:15 a.m. · 13 views

CVE-2024-43115

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script on the server via the alert script feature. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVSS 8.8 · AI score 7 · Exploits: 0 · References: 2
NVD
added 2025/09/03 9:15 a.m. · 17 views

CVE-2024-43115

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script on the server via the alert script feature. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVSS 8.8 · EPSS 0.00461 · Exploits: 0 · References: 2
Vulnrichment
added 2025/09/03 8:38 a.m. · 1 view

CVE-2024-43115 Apache DolphinScheduler: Alert Script Attack

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script on the server via the alert script feature. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

AI score 6.4 · EPSS 0.00461 · Exploits: 0 · References: 1
Cvelist
added 2025/09/03 8:38 a.m. · 20 views

CVE-2024-43115 Apache DolphinScheduler: Alert Script Attack

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script on the server via the alert script feature. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

EPSS 0.00461 · Exploits: 0 · References: 1
Vulnrichment
added 2025/09/03 3:20 a.m. · 4 views

CVE-2025-58351 Outline's Local File Storage Feature can Cause CSP Bypass

Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which provides local file system storage as an optional file storage strategy. This feature allowed a CSP bypass as well as a Content-Type bypass that...

CVSS 6.8 · AI score 6.2 · EPSS 0.00353 · Exploits: 0 · References: 3
OSV
added 2025/09/03 3:20 a.m. · 6 views

CVE-2025-58351 Outline's Local File Storage Feature can Cause CSP Bypass

Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which provides local file system storage as an optional file storage strategy. This feature allowed a CSP bypass as well as a Content-Type bypass that...

CVSS 6.8 · AI score 6.7 · EPSS 0.00353 · Exploits: 0 · References: 5
CVE
added 2025/09/03 3:20 a.m. · 17 views

CVE-2025-58351

Outline versions 0.72.0–0.83.0 include a local file storage feature that can bypass CSP and Content-Type checks when FILE_STORAGE=local is used on the same domain. A malicious payload uploaded as a file attachment could be executed in another user’s context. This is fixed in version 0.84.0. The c...

CVSS 6.8 · AI score 6.2 · EPSS 0.00353 · Exploits: 0 · References: 3 · Affected Software: 1
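Why attachments served from the application's own origin are dangerous, and what a Content-Type bypass buys an attacker, can be shown with a small header policy. The block below is an added example and is not Outline's code. weakHeaders models a handler that echoes the uploader's declared Content-Type; hardenedHeaders models one that decides from a type the server recorded at upload time, forces a download for anything that is not a passive image, and adds nosniff plus a sandbox CSP; rendersInOrigin is a simplified model of whether a browser would run the response as active content inside the serving origin. The MIME allowlists, the header values and the sample file names are assumptions for the example.

```javascript
// Added example (not Outline's code). Models the response headers an upload
// endpoint sends for a stored attachment on the application's own origin.

// Types a browser treats as active content: markup that can carry script.
const ACTIVE_TYPES = new Set([
  "text/html", "application/xhtml+xml", "image/svg+xml",
  "text/xml", "application/xml",
]);

// Passive image types assumed safe to show inline in the app's origin.
const INLINE_SAFE = new Set(["image/png", "image/jpeg", "image/gif", "image/webp"]);

// Weak handler: trusts the uploader's declared type, so an SVG or HTML
// attachment is rendered by the browser with the app's cookies and origin.
function weakHeaders(declaredType) {
  return { "Content-Type": declaredType };
}

// Hardened handler. recordedType is assumed to be what the server determined
// at upload time, not the request's Content-Type or the file extension.
function hardenedHeaders(recordedType, filename) {
  const safeName = filename.replace(/[^A-Za-z0-9._-]/g, "_"); // no header injection via name
  const inline = INLINE_SAFE.has(recordedType);
  return {
    "Content-Type": inline ? recordedType : "application/octet-stream",
    "Content-Disposition": `${inline ? "inline" : "attachment"}; filename="${safeName}"`,
    // nosniff: no sniffing to HTML, and a same-origin upload cannot be pulled
    // in as <script src> under script-src 'self' unless it has a script type
    "X-Content-Type-Options": "nosniff",
    // sandbox: even if rendered, the document gets an opaque origin, no script
    "Content-Security-Policy": "sandbox; default-src 'none'",
  };
}

// Simplified browser model: the response runs as active content in the
// serving origin when its type is active, it is not forced to download,
// and no sandbox directive moves it into an opaque origin.
function rendersInOrigin(headers) {
  const type = (headers["Content-Type"] || "").split(";")[0].trim().toLowerCase();
  const disposition = (headers["Content-Disposition"] || "inline").toLowerCase();
  const csp = (headers["Content-Security-Policy"] || "").toLowerCase();
  if (!ACTIVE_TYPES.has(type)) return false;
  if (disposition.startsWith("attachment")) return false;
  if (/(^|;)\s*sandbox(\s|;|$)/.test(csp)) return false;
  return true;
}

// Constructed upload: an SVG attachment whose declared type is honoured by
// the weak handler and overridden by the hardened one.
const SAMPLE = { filename: "logo.svg", declaredType: "image/svg+xml" };
console.log("weak renders in origin:", rendersInOrigin(weakHeaders(SAMPLE.declaredType)));
console.log("hardened renders in origin:",
  rendersInOrigin(hardenedHeaders(SAMPLE.declaredType, SAMPLE.filename)));
```

The headers reduce the blast radius but do not remove the root cause the advisory points at: user content living on the same origin as the application. Serving uploads from a separate origin (a dedicated host or a signed-URL object store) keeps an uploaded document out of the app's origin regardless of how it is typed.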
Positive Technologies
added 2025/09/03 12:00 a.m. · 5 views

PT-2025-35656

Affected software and versions: Outline versions 0.72.0 through 0.83.0
Description: Outline, a collaborative documentation service, introduced a local file system storage feature in versions 0.72.0 through 0.83.0. This feature introduced a Content-Type bypass and a Cross-Si...

CVSS 6.8 · AI score 5.7 · EPSS 0.00353 · Exploits: 0 · References: 6
CNVD
added 2025/09/02 12:00 a.m. · 1 view

WordPress TablePress Plugin Cross-Site Scripting Vulnerability

WordPress TablePress Plugin is a table plugin for WordPress that allows users to create, edit, and manage tables without programming, with support for multiple data types and interactive features. The WordPress TablePress Plugin suffers from a cross-site scripting vulnerability that stems fr...

CVSS 6.4 · AI score 6.1 · EPSS 0.00223 · Exploits: 0 · References: 1
CNVD
added 2025/08/31 12:00 a.m. · 1 view

WordPress plugin Add Code To Head cross-site scripting vulnerability

WordPress is a blogging platform written in PHP; it lets users set up personal blog sites on servers running PHP and MySQL. Add Code To Head is a WordPress plugin. The Add Code To Head plugin has a cross-site scripting vulnerability, which stems fro...

CVSS 5.9 · AI score 6.5 · EPSS 0.00204 · Exploits: 0 · References: 1