
64 matches found

CVE
added 2025/09/10 4:0 p.m. · 11 views

CVE-2025-8681

The CVE-2025-8681 entry describes a Stored XSS vulnerability in Pega Platform UI components affecting versions 7.1.0 through Infinity 24.2.2. A high-privilege user with a developer role is required to exploit. The issue stems from a stored XSS flaw in the user interface component, enabling inject...

CVSS 5.5 · AI score 5.3 · EPSS 0.00047
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/09/10 4:0 p.m. · 1 views

CVE-2025-8681 Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component

Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role...

CVSS 5.5 · AI score 5.5 · EPSS 0.00047
Exploits: 0 · References: 1

RedhatCVE
added 2025/09/05 6:23 p.m. · 1 views

CVE-2025-10044

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

CVSS 4.3 · AI score 6.2 · EPSS 0.00065
Exploits: 0 · References: 3

Tenable Nessus
added 2025/08/30 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-9773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starti...

CVSS 8 · AI score 5.7 · EPSS 0.00036
Exploits: 1 · References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-5512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions startin...

CVSS 5.7 · AI score 5.7 · EPSS 0.00296
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 3:2 a.m. · 2 views

CVE-2023-2181

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI...

CVSS 6.5 · AI score 6.8 · EPSS 0.01875
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:32 a.m. · 3 views

CVE-2015-4457

Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors...

CVSS 5.4 · AI score 5.9 · EPSS 0.00187
Exploits: 0 · References: 1

CNNVD
added 2025/04/04 12:0 a.m. · 2 views

JTEKT ELECTRONICS HMI ViewJet C-more Security Vulnerability

JTEKT ELECTRONICS HMI ViewJet C-more is a series of human-machine interfaces from JTEKT ELECTRONICS, Japan. A security vulnerability exists in JTEKT ELECTRONICS HMI ViewJet C-more, which stems from an improper restriction at the UI layer that could lead to spoofing attacks...

CVSS 4.3 · AI score 4.8 · EPSS 0.0057
Exploits: 0 · References: 2

CNNVD
added 2024/12/05 12:0 a.m. · 3 views

DropBox Sign Security Vulnerability

DropBox Sign DropBox HelloSign is a DropBox company that sends, receives and manages legally binding electronic signatures. A security vulnerability exists in DropBox Sign versions 2024-12-04 and earlier that stems from a misrepresentation of a user interface critical information vulnerability th...

CVSS 8.2 · AI score 6.4 · EPSS 0.00078
Exploits: 0 · References: 6

Positive Technologies
added 2024/12/04 12:0 a.m. · 2 views

PT-2024-35140 · Docusign · Docusign

Name of the Vulnerable Software and Affected Versions: DocuSign versions through 2024-12-04
Description: The issue concerns a User Interface (UI) Misrepresentation of Critical Information vulnerability that allows Content Spoofing. Specifically, the SaaS AI assistant ignores hidden content that is...

CVSS 8.2 · AI score 6.9 · EPSS 0.00177
Exploits: 0 · References: 6

CNNVD
added 2024/12/04 12:0 a.m. · 2 views

SolarWinds Platform Cross-Site Scripting Vulnerability

SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. A cross-site scripting vulnerability exists in SolarWinds Platform that stems from susceptibility to a cross-site scripting attack that affects the search and node...

CVSS 7 · AI score 5.8 · EPSS 0.00322
Exploits: 0 · References: 2

CNNVD
added 2024/04/15 12:0 a.m. · 1 views

Argo CD Security Vulnerability

Argo CD is a declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state (e.g. configuration in the Git repository), automatically synchronizing and deploying...

CVSS 6.3 · AI score 5.4 · EPSS 0.00113
Exploits: 0 · References: 6

OSV
added 2024/02/14 8:15 a.m. · 1 views

CVE-2023-39249

Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables...

CVSS 5.3 · AI score 5.8 · EPSS 0.00011
Exploits: 0 · References: 1

CNNVD
added 2023/12/29 12:0 a.m. · 2 views

Honor Magic UI Security Flaw

Honor Magic UI is an Android-based mobile operating system developed by Chinese company Honor. A security vulnerability exists in Honor Magic UI, which stems from the presence of a type obfuscation vulnerability, successful exploitation of which may result in a denial of service...

CVSS 5.5 · AI score 6.7 · EPSS 0.00043
Exploits: 0 · References: 2

OSV
added 2023/09/28 4:15 p.m. · 1 views

DEBIAN-CVE-2023-5186

Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Chromium security severity: High...

CVSS 8.8 · AI score 7.3 · EPSS 0.0122
Exploits: 0 · References: 1

Positive Technologies
added 2023/05/09 12:0 a.m. · 5 views

PT-2023-2885 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome on ChromeOS versions prior to 113.0.5672.114
Description: The issue is related to a use after free in the ChromeOS Camera component, which could allow a remote attacker to potentially exploit heap corruption via specific UI...

CVSS 9.8 · AI score 7.3 · EPSS 0.22785
Exploits: 11 · References: 193

Positive Technologies
added 2023/04/06 12:0 a.m. · 1 views

PT-2023-2206 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based), affected versions not specified
Description: The issue is related to errors in the representation of information by the user interface. It may allow a remote attacker to conduct spoofing attacks.
Recommendations:...

CVSS 6.1 · AI score 9.3 · EPSS 0.00432
Exploits: 0 · References: 8

CNNVD
added 2023/03/24 12:0 a.m. · 2 views

Fortra Cobalt Strike Cross-Site Scripting Vulnerability

Fortra Cobalt Strike is an application from Fortra, Inc. that provides a post-development agent and covert channel to mimic a quiet, long-term embedded participant in a customer's network. A security vulnerability exists in Fortra Cobalt Strike version 4.7.1, which stems from the inability to proper...

CVSS 9.8 · AI score 9.1 · EPSS 0.22064
Exploits: 0 · References: 4

Positive Technologies
added 2023/03/14 12:0 a.m. · 2 views

PT-2023-1767 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server, affected versions not specified
Description: The issue is related to errors in the representation of information by the user interface. It allows a remote attacker to conduct spoofing attacks, affecting the system...

CVSS 3.1 · AI score 9.3 · EPSS 0.0628
Exploits: 0 · References: 9

SUSE CVE
added 2023/02/15 3:30 a.m. · 0 views

SUSE CVE-2022-4176

Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. Chromium security severity: High...

CVSS 8.8 · AI score 9.1 · EPSS 0.00482
Exploits: 0 · References: 4