CVE-2024-43115

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVE-2024-43115

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVE-2024-43115 Apache DolphinScheduler: Alert Script Attack

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVE-2024-43115 Apache DolphinScheduler: Alert Script Attack

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVE-2025-58351

Outline versions 0.72.0–0.83.0 include a local file storage feature that can bypass CSP and Content-Type checks when FILE_STORAGE=local is used on the same domain. A malicious payload uploaded as a file attachment could be executed in another user’s context. This is fixed in version 0.84.0. The c...

CVE-2025-58351 Outline's Local File Storage Feature can Cause CSP Bypass

Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional file storage strategy. This feature allowed a CSP bypass as well as a ContentType bypass that...

CVE-2025-58351 Outline's Local File Storage Feature can Cause CSP Bypass

Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional file storage strategy. This feature allowed a CSP bypass as well as a ContentType bypass that...

PT-2025-35656

Name of the Vulnerable Software and Affected Versions: Outline versions 0.72.0 through 0.83.0 Description: Outline, a collaborative documentation service, introduced a local file system storage feature in versions 0.72.0 through 0.83.0. This feature introduced a Content-Type bypass and a Cross-Si...

WordPress TablePress Plugin Cross-Site Scripting Vulnerability

WordPress TablePress Plugin is a table plugin designed for WordPress that allows users to create, edit, and manage tables without programming, with support for multiple data types and interactive features. WordPress TablePress Plugin suffers from a cross-site scripting vulnerability that stems fr...

WordPress plugin Add Code To Head cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Add Code To Head exists cross-site scripting vulnerability, the vulnerability stems fro...

IBM Watson Studio on Cloud Pak for Data Cross-Site Scripting Vulnerability

IBM Watson Studio on Cloud Pak for Data is an intelligent search and text analytics platform from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Watson Studio on Cloud Pak for Data versions 4.0 and 5.0, which stems from the application's lack of effective...

WordPress plugin Ocean Extra 跨站脚本漏洞

WordPress Ocean Extra plugin is a free plugin for the WordPress platform, designed for the OceanWP theme, aiming to enhance the website building experience by adding extra functionality and flexibility. A cross-site scripting vulnerability exists in the WordPress Ocean Extra plugin, which stems...

CVE-2025-58059

Valtimo scripting engine vulnerability (CVE-2025-58059) affects Valtimo BPM platform prior to 12.16.0.RELEASE and 13.0.0.RELEASE to before 13.1.2.RELEASE. An admin who can create/modify and execute process definitions could access sensitive data or resources on the host (e.g., executing host exec...

WordPress plugin Add Code To Head 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Add Code To Head exists cross-site scripting vulnerability, the vulnerability stems fro...

CVE-2025-20296

A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...

PT-2025-34880 · Gitblit · Gitblit

Name of the Vulnerable Software and Affected Versions: Gitblit version 1.7.1 Description: Gitblit version 1.7.1 contains a reflected cross-site scripting XSS flaw due to insufficient input sanitization of filename elements when handling repository path names. An attacker can inject a crafted path...

Linux Distros Unpatched Vulnerability : CVE-2020-4046

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in...

PT-2025-34730 · Unknown · 1000Projects Online Project Report Submission/Evaluation System

Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A security issue exists in 1000projects Online Project Report Submission and Evaluation System 1.0. The vulnerability is related to a cross-site...

CVE-2025-55620

A cross-site scripting XSS vulnerability in the valuateJavascript function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...