CVE-2025-40631

CVE-2025-40631 describes an HTTP Host header injection affecting IceWarp Mail Server, version 11.4.0. By modifying the Host header and delivering a payload, arbitrary JavaScript can be executed on the loaded page when a user interacts with a malicious link (redirect). The vulnerability is tied to...

CVE-2025-29689

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

CVE-2025-29690

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

CVE-2025-29690

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...

CVE-2025-29691

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...

CVE-2025-29689

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

Alibaba Cloud Linux 3 : 0162: httpd:2.4 (ALINUX3-SA-2024:0162)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0162 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-38476: Vulnerability in core of Apache HTT...

CVE-2025-30315 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing t...

git: The sideband payload is passed unfiltered to the terminal in git

A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...

CVE-2025-30009

he Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim�s browser. This vulnerability has low impact on confidentiality and...

CVE-2025-30009

CVE-2025-30009 affects the SAP Supplier Relationship Management (SRM) Live Auction Cockpit. The issue stems from a deprecated Java applet in affected SRM packages, allowing an unauthenticated attacker to execute malicious script in the victim’s browser. Reported impact is limited to the victim’s ...

SAP Supplier Relationship Management 跨站脚本漏洞

SAP Supplier Relationship Management Master Data Management Catalog is a system for managing supplier relationships that provides master data management functionality. A cross-site scripting vulnerability exists in SAP Supplier Relationship Management Master Data Management Catalog that allows an...

CVE-2025-46749

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...

CVE-2025-46749 Improper Neutralization of Input

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...

CVE-2025-46749 Improper Neutralization of Input

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...

Cross-site Scripting (XSS)

Overview org.webjars.npm:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the copy and paste functionality. An attacker can execute arbitrary JavaScript code within the user's session by tricking a user into pasting malicious content...

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

RLSA-2024:4242 Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...