
6712 matches found

Positive Technologies
added 2025/07/16 12:0 a.m. · 3 views

PT-2025-29746 · Nanbu · Nanbu Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: nanbu Welcart e-Commerce versions through 2.11.16
Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). This can potentially lead to the...

CVSS 5.9 · AI score 6 · EPSS 0.00177
Exploits: 0 · References: 4

NVD
added 2025/07/14 11:15 p.m. · 3 views

CVE-2025-53834

Caido is a web security auditing toolkit. A reflected cross-site scripting XSS vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker t...

CVSS 6.3 · EPSS 0.00221
Exploits: 0 · References: 2

CVE
added 2025/07/14 10:49 p.m. · 14 views

CVE-2025-53834

Caido Toast XSS (CVE-2025-53834): A reflected XSS vulnerability exists in Caido’s toast UI component in versions before 0.49.0, where unsanitized user input reflected in tools like Match&Replace and Scope can lead to arbitrary script execution. The issue is fixed in version 0.49.0. Affected produ...

CVSS 6.3 · AI score 5.7 · EPSS 0.00221
Exploits: 0 · References: 2

Vulnrichment
added 2025/07/14 10:49 p.m. · 2 views

CVE-2025-53834 Caido Toast Vulnerable to Reflected Cross-site Scripting

Caido is a web security auditing toolkit. A reflected cross-site scripting XSS vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker t...

CVSS 6.3 · AI score 5.7 · EPSS 0.00221
Exploits: 0 · References: 2

CNNVD
added 2025/07/14 12:0 a.m. · 1 views

Caido cross-site scripting vulnerability

Caido is a Caido open source application. Designed to help security professionals and enthusiasts audit web applications efficiently and easily. A cross-site scripting vulnerability exists in versions prior to Caido 0.49.0 that stems from reflective cross-site scripting and could lead to arbitrar...

CVSS 6.3 · AI score 6.2 · EPSS 0.00221
Exploits: 0 · References: 3

RedhatCVE
added 2025/07/13 3:20 p.m. · 11 views

CVE-2025-30661

An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can...

CVSS 8.5 · AI score 7.4 · EPSS 0.00166
Exploits: 0 · References: 1

Cvelist
added 2025/07/11 2:38 p.m. · 6 views

CVE-2025-30661 Junos OS: Low-privileged user can cause script to run as root, leading to privilege escalation

An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can...

CVSS 8.5 · EPSS 0.00166
Exploits: 0 · References: 2

CVE
added 2025/07/11 2:38 p.m. · 18 views

CVE-2025-30661

CVE-2025-30661 affects Juniper Networks Junos OS line cards (MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, EX9200-15C). The root cause is an incorrect permission assignment in line card script processing that lets a local, low-privilege user install scripts which are executed as root at sy...

CVSS 8.5 · AI score 6.7 · EPSS 0.00166
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2025/07/11 12:15 a.m. · 4 views

CVE-2025-41442

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting XSS attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosu...

CVSS 5.1 · AI score 5.7
Exploits: 0 · References: 2

Vulnrichment
added 2025/07/10 11:13 p.m. · 3 views

CVE-2025-53397 Advantech iView Cross-site Scripting

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting XSS attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other...

CVSS 5.4 · AI score 6.1 · EPSS 0.00194
Exploits: 0 · References: 2

NVD
added 2025/07/10 3:15 p.m. · 4 views

CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

CVSS 8.6 · EPSS 0.00314
Exploits: 0 · References: 3

OSV
added 2025/07/10 3:15 p.m. · 1 views

ALPINE-CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

CVSS 8.6 · AI score 6.8 · EPSS 0.00314
Exploits: 0 · References: 1

OSV
added 2025/07/10 3:15 p.m. · 2 views

DEBIAN-CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

CVSS 8.6 · AI score 7.7 · EPSS 0.00314
Exploits: 0 · References: 1

OSV
added 2025/07/10 3:15 p.m. · 4 views

AZL-65079 CVE-2025-27614 affecting package git for versions less than 2.45.4-1

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

CVSS 8.6 · AI score 7.3 · EPSS 0.00314
Exploits: 0 · References: 1

Debian CVE
added 2025/07/10 3:2 p.m. · 5 views

CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

CVSS 8.6 · AI score 7.7 · EPSS 0.00314
Exploits: 0

OSV
added 2025/07/10 3:2 p.m. · 3 views

CVE-2025-27614 Gitk allows arbitrary command execution

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

CVSS 8.6 · AI score 8.8 · EPSS 0.00314
Exploits: 0 · References: 5

CNNVD
added 2025/07/10 12:0 a.m. · 3 views

Advantech iView cross-site scripting vulnerability

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A cross-site scripting vulnerability exists in Advantech iView due to improper validation of user-supplied input. An attacker could use this vulnerability to execute...

CVSS 5.4 · AI score 5.6 · EPSS 0.00194
Exploits: 0 · References: 4

OSV
added 2025/07/09 7:25 p.m. · 2 views

CLSA-2025-1752089153 redis: Fix of CVE-2024-31449

CVE-2024-31449: fix stack buffer overflow in bit library triggered by Lua script execution...

CVSS 8.8 · AI score 7 · EPSS 0.04488
Exploits: 1 · References: 1

Positive Technologies
added 2025/07/09 12:0 a.m. · 2 views

PT-2025-29233 · Mpc10 +6 · Mpc10 +7

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 23.2 through 23.2R2-S4; Juniper Networks Junos OS versions 23.4 through 23.4R2-S5; Juniper Networks Junos OS versions 24.2 through 24.2R2-S1; Juniper Networks Junos OS versions 24.4 through 24.4R1-S3; Juniper...

CVSS 8.5 · AI score 6.5 · EPSS 0.00166
Exploits: 0 · References: 6

CVE
added 2025/07/08 6:23 p.m. · 303 views

CVE-2025-48384

Git vulnerability CVE-2025-48384 arises from Git’s handling of trailing CR characters in config and submodule paths, which can cause a submodule to checkout to an incorrect location and potentially execute a post-checkout hook if a symlink points to the hooks directory. The issue affects Git and ...

CVSS 8 · AI score 6.4 · EPSS 0.02775
In wild · Exploits: 9 · References: 5 · Affected Software: 1