Multiple stored cross-site scripting vulnerabilities in Pleasanter
Overview Pleasanter provided by Implem Inc. contains multiple stored cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in Preview for Attachments CWE-79 - CVE-2025-58070 Stored cross-site scripting vulnerability in Body, Description and Comments CWE-79 -...
GROWI vulnerable to cross-site scripting
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Cross-site scripting in the page alert function CWE-79 - CVE-2025-54806 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the...
PT-2025-43151
Name of the Vulnerable Software and Affected Versions RadiusTheme Testimonial Slider And Showcase Pro versions through 2.1.7 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows...
TencentOS Server 2: squid (TSSA-2025:0788)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0788 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
RHSA-2025:18154 Red Hat Security Advisory: firefox security update
Bulletin has no description...
PT-2025-42884
Name of the Vulnerable Software and Affected Versions CityPLus versions prior to 24.29500.1.0 Description An issue exists in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus that allows for the detection of unpublicized web pages, potentially leading to exposure of sensitive...
PT-2025-42933
Name of the Vulnerable Software and Affected Versions Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9 through 8.0.8.7 Oracle Financial Services Analytical Applications Infrastructure version 8.1.2.5 Description An easily exploitable issue exists in the Oracle...
USN-7829-1 linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - Netlink; CVE-2024-26700, CVE-2025-38727, CVE-2023-52593, CVE-2024-26896...
EUVD-2025-34997
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...
Multiple vulnerabilities in ChatLuck
Overview ChatLuck provided by NEOJAPAN Inc. contains multiple vulnerabilities listed below. Cross-site scripting vulnerability in Chat Rooms CWE-79 - CVE-2025-53858 Insufficient granularity of access control vulnerability in Invitation of Guest Users CWE-1220 - CVE-2025-54461 Cross-site scripting...
CVE-2025-43280
The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode...
CVE-2025-59051 FreePBX Endpoint Manager command injection via Network Scanning feature
The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command...
CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...
APSB25-97 : Security update available for Adobe Animate
Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory exposure...
Vulnerabilities fixed in Juniper Networks Junos Space
Juniper has fixed vulnerabilities in Junos Space, specifically for all versions prior to 24.1R4. The vulnerabilities are in the way Juniper Networks Junos Space processes user input. Attackers can inject malicious scripts into various pages, such as the Device Template Definition, Global Search, a...
OESA-2025-2389 redis security update
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a...
RHSA-2025:17651 Red Hat Security Advisory: compat-libtiff3 security update
Bulletin has no description...
RHSA-2025:17649 Red Hat Security Advisory: ipa security update
Bulletin has no description...
[SECURITY] Fedora 41 Update: webkitgtk-2.50.0-2.fc41
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
[SECURITY] Fedora 41 Update: apptainer-1.4.3-1.fc41
Apptainer provides functionality to make portable containers that can be used across host environments...