
6663 matches found

Microsoft KB
added 2025/12/09 8:0 a.m. | 17 views

KB5074204: Security Update for Windows PowerShell (OS Builds 26100.7392 and 26200.7392)

KB5074204: Security Update for Windows PowerShell (OS Builds 26100.7392 and 26200.7392). For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows 11, see the update history pages for Windows 11, version 24H2 a...

CVSS 7.8 | AI score 7 | EPSS 0.00156
Exploits: 5
Positive Technologies
added 2025/12/09 12:0 a.m. | 3 views

PT-2025-50145

Name of the Vulnerable Software and Affected Versions: MailEnable versions prior to 10.54. Description: MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) issue in the theme parameter of the '/Mondo/lang/sys/Forms/Statistics.aspx' endpoint. The theme value is not...

CVSS 6.1 | AI score 5.6 | EPSS 0.00014
Exploits: 0 | References: 5
CNNVD
added 2025/12/09 12:0 a.m. | 2 views

Selea Targa IP OCR-ANPR Camera Cross-Site Scripting Vulnerability

Selea Targa IP OCR-ANPR Camera is an IP camera from Selea. A cross-site scripting vulnerability exists in the Selea Targa IP OCR-ANPR Camera that stems from a stored cross-site scripting issue with the fileslist parameter, which could lead to the execution of arbitrary script...

CVSS 5.4 | AI score 6.1 | EPSS 0.00048
Exploits: 1 | References: 6
Cvelist
added 2025/12/09 12:0 a.m. | 19 views

CVE-2025-65300

A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform (feVersion=1760060603897 2025-10-28) in the Account Settings module, where unsanitized user input in Address fields (City, State, Country/Region) is rendered back to the page. Attackers can inject arbitrary JavaScript...

EPSS 0.00027
Exploits: 1 | References: 2
Positive Technologies
added 2025/12/09 12:0 a.m. | 3 views

PT-2025-50248

Name of the Vulnerable Software and Affected Versions: Selea Targa IP OCR-ANPR Camera (affected versions not specified). Description: The Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting issue in the files list parameter. This allows attackers to inject malicious HTML and script...

CVSS 5.1 | AI score 6 | EPSS 0.00048
Exploits: 1 | References: 7
CNNVD
added 2025/12/09 12:0 a.m. | 2 views

Coohom SaaS Platform Security Vulnerability

Coohom SaaS Platform is a cloud-based integration platform from Coohom Inc. in the United States. A security vulnerability exists in Coohom SaaS Platform that originates from stored cross-site scripting and could lead to session hijacking or arbitrary script execution...

CVSS 5.4 | AI score 6.2 | EPSS 0.00027
Exploits: 1 | References: 3
Positive Technologies
added 2025/12/09 12:0 a.m. | 4 views

PT-2025-50140

Name of the Vulnerable Software and Affected Versions: MailEnable versions prior to 10.54. Description: The software contains a reflected cross-site scripting (XSS) issue in the FieldBcc parameter of the '/Mondo/lang/sys/Forms/AddressBook.aspx' endpoint. The FieldBcc value is not properly sanitized...

CVSS 6.1 | AI score 5.6 | EPSS 0.00011
Exploits: 0 | References: 5
Cvelist
added 2025/12/08 8:38 a.m. | 24 views

CVE-2025-12956 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | EPSS 0.00026
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/08 8:38 a.m. | 2 views

CVE-2025-12956 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | AI score 6.2 | EPSS 0.00026
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/08 12:0 a.m. | 2 views

PT-2025-49528

Name of the Vulnerable Software and Affected Versions: ENOVIA Collaborative Industry Innovator versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x. Description: A reflected Cross-site Scripting (XSS) issue exists in ENOVIA Collaborative Industry Innovator. This allows an attacker to execute...

CVSS 8.7 | AI score 6.4 | EPSS 0.00026
Exploits: 0 | References: 8
CNNVD
added 2025/12/08 12:0 a.m. | 3 views

Dassault Systèmes ENOVIA Collaborative Industry Innovator Security Vulnerability

Dassault Systèmes ENOVIA Collaborative Industry Innovator is an important toolset for real-time, secure and structured collaboration and product content management for an engineering team at Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Collaborative Indust...

CVSS 8.7 | AI score 6.2 | EPSS 0.00026
Exploits: 0 | References: 1
Tenable Nessus
added 2025/12/04 12:0 a.m. | 3 views

Adobe Experience Manager (AEM) Groovy Console

The remote Adobe Experience Manager (AEM) exposes a Groovy console that allows users to execute arbitrary Groovy scripts on the server. This can lead to remote code execution and complete compromise of the AEM instance and the underlying server. No source data...

AI score 8.4
Exploits: 0
Tenable Nessus
added 2025/12/04 12:0 a.m. | 2 views

Sony Camera SNC-CX600W Cross-site scripting (CVE-2025-64730)

Cross-site scripting vulnerability exists in SNC-CX600W. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 6.1 | AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/03 2:2 p.m. | 2 views

CVE-2025-58486

Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script...

CVSS 5.5 | AI score 7.1 | EPSS 0.00027
Exploits: 0 | References: 1
CNVD
added 2025/12/03 12:0 a.m. | 2 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30348)

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.2 | AI score 6.1 | EPSS 0.00024
Exploits: 1 | References: 1
CNVD
added 2025/12/03 12:0 a.m. | 3 views

Grav Cross-Site Scripting Vulnerability

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.2 | AI score 6.1 | EPSS 0.00032
Exploits: 1 | References: 1
CNVD
added 2025/12/03 12:0 a.m. | 3 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30345)

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.2 | AI score 6.1 | EPSS 0.00024
Exploits: 1 | References: 1
CNVD
added 2025/12/03 12:0 a.m. | 4 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30346)

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.8 | AI score 6.1 | EPSS 0.00024
Exploits: 1 | References: 1
Tenable Nessus
added 2025/12/03 12:0 a.m. | 3 views

RockyLinux 9 : redis (RLSA-2025:20926)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20926 advisory. redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817) Redis: Redis: Authenticated users can execute LUA scripts as a...

CVSS 9.9 | AI score 9.2 | EPSS 0.11111
Exploits: 14 | References: 9
CNVD
added 2025/12/03 12:0 a.m. | 1 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30347)

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.2 | AI score 6.1 | EPSS 0.00024
Exploits: 1 | References: 1