6712 matches found
CVE-2025-48384
Git vulnerability CVE-2025-48384 arises from Git’s handling of trailing CR characters in config and submodule paths, which can cause a submodule to checkout to an incorrect location and potentially execute a post-checkout hook if a symlink points to the hooks directory. The issue affects Git and ...
CVE-2025-42985
Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim's browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality a...
SAP BusinessObjects Content Administrator workbench input validation error vulnerability
SAP BusinessObjects Content Administrator workbench is a software used to manage the report distribution function by SAP, Germany. An input validation error vulnerability exists in SAP BusinessObjects Content Administrator Workbench that stems from insufficient cleanup and could lead to the...
SAP NetWeaver Application Server ABAP input validation error vulnerability
SAP NetWeaver Application Server ABAP is a platform for running and developing applications based on the ABAP language from SAP, Germany. An input validation error vulnerability exists in SAP NetWeaver Application Server ABAP, which stems from an open redirect that could cause a browser to execut...
SAP Business Warehouse cross-site scripting vulnerability
SAP Business Warehouse is a key component for executing business processes from SAP, Germany, that allows users to design, implement, and manage business processes, ensure process compliance, and reduce the need for manual operations through automation. A cross-site scripting vulnerability exists...
Git security vulnerability
Git is a free, open source distributed version control system open-sourced by Git. A security vulnerability exists in Git that stems from improper handling of trailing carriage returns when processing configuration values, which could allow submodules to be incorrectly detected in a hook director...
CVE-2025-53526 WeGIA allows Stored XSS attacks in novo_memorando.php
WeGIA is a web manager for charitable institutions. An XSS Injection vulnerability was identified in novo_memorando.php. After the memo was submitted, the vulnerability was confirmed by accessing listarmemorandosantigos.php. Upon loading this page, the injected script was executed in the browser...
CVE-2025-53599
Whale browser for iOS before 3.9.1.4206 allows an attacker to execute malicious scripts in the browser via a crafted javascript scheme...
CVE-2025-52462
Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL...
PT-2025-27875 · Unknown · Mndpsingh287 Frontend File Manager
Name of the Vulnerable Software and Affected Versions: mndpsingh287 Frontend File Manager versions n/d through 23.2. Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows code injection. This is a basic XSS vulnerability...
PT-2025-27863 · Unknown · Whale Browser
Name of the Vulnerable Software and Affected Versions: Whale browser for iOS versions prior to 3.9.1.4206. Description: The issue allows an attacker to execute malicious scripts in the browser via a crafted JavaScript scheme. This can be achieved by manipulating a specific JavaScript scheme...
SUSE CVE-2005-1531
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a...
Streamline NX Client (XSS) (2025-000008)
The version of Streamline NX Client installed on the remote host is between 3.5.0 and 3.7.2. It is, therefore, affected by a reflected cross-site scripting vulnerability, via a specific parameter, that exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an...
Endress+Hauser MEAC300-FNADE4 security vulnerability
The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. The Endress+Hauser MEAC300-FNADE4 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...
CVE-2025-41439
A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product...
Multiple vulnerabilities in Active! mail
Overview: Active! mail provided by QUALITIA CO., LTD. contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79) - CVE-2025-52462; Cross-site request forgery (CSRF) (CWE-352) - CVE-2025-52463. Rintaro Fujita and Shoji Baba of GAKUSHUIN UNIVERSITY reported these vulnerabilities to IPA...
CVE-2025-52462
CVE-2025-52462 is a Cross-site scripting vulnerability affecting Active! mail versions 6.30.01004145 through 6.60.06008562. The issue can allow arbitrary script execution in the logged-in user’s browser when visiting a specially crafted URL. Affected product: Active! mail. Remediation per multipl...