PT-2025-19751 · Dbsyncer · Dbsyncer

Name of the Vulnerable Software and Affected Versions: DBSyncer version 2.0.6 Description: A stored cross-site scripting XSS issue in the Edit Profile feature allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Nickname parameter. Recommendations: For...

CVE-2025-45236

A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

CVE-2025-45236

Affected product: DBSyncer v2.0.6. Vulnerability: stored cross-site scripting (XSS) in the Edit Profile feature via the Nickname parameter. Root cause: mishandling of the Nickname field enabling injection of arbitrary web scripts/HTML. Impact: attackers can execute scripts or HTML in the context ...

CLSA-2025-1746190792 libreoffice: Fix of 2 CVEs

CVE-2022-38745: avoid unnecessary empty -Djava.class.path= - CVE-2024-3044: add notify for script execution...

CVE-2022-42449

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...

CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 15.10.8 and prior to 16.2.0, which stems from an incomplete permissions analysis that could lead to malicious script...

WordPress plugin Able Player cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Able Playe...

CVE-2024-52888

For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties...

IBM Operational Decision Manager 跨站脚本漏洞

IBM Operational Decision Manager is a decision management solution from International Business Machines IBM used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a cross-site scripting vulnerability that stems from the...

Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2025-007)

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2025-007 advisory. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Documen...

Medium: libreoffice

Issue Overview: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that support...

CVE-2024-52887

Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list...

CVE-2024-52888

For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties...

CVE-2024-52887

CVE-2024-52887 affects Check Point Mobile Access (R82 and prior). An authenticated end-user can set a specially crafted SNX bookmark that causes their browser to execute a script when accessing the bookmark list (stored/self-XSS in the ‘favorites’ dialog). Exact impact details are not quantified ...

Check Point Mobile Access 安全漏洞

Check Point Mobile Access is a secure and easy solution from Check Point Israel. It is used for smartphones, tablets or PCs to securely connect to corporate applications over the Internet. A security vulnerability exists in Check Point Mobile Access R82 and prior versions, which stems from the...

PT-2025-17987 · Check Point · Check Point Mobile Access

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An authenticated end-user can set a specially crafted SNX bookmark, which can cause their browser to run a script when accessing their own bookmark list. Recommendations: At the moment, ther...

PT-2025-17988 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue allows an authenticated end-user to potentially run a script while the portal attempts to display a directory or some file's properties. Recommendations: At the moment, ther...

Check Point Mobile Access 安全漏洞

Check Point Mobile Access is a secure and easy solution from Check Point Israel. It is used for smartphones, tablets or PCs to securely connect to corporate applications over the Internet. A security vulnerability exists in Check Point Mobile Access R82 and prior versions, which originates from a...

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...