CVE-2025-65675

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures...

CVE-2025-41087

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

CVE-2025-65676

CVE-2025-65676 is a stored XSS defect in Classroomio LMS 0.1.13, where authenticated attackers can upload crafted SVG cover images that execute code in the context of the application. Multiple adapters (NVD, Red Hat, EUVD, OSV, CIRCL, PT-Security, CNNVD, CVE lists, PacketStorm, etc.) consistently...

ClassroomIO.com 安全漏洞

ClassroomIO.com is an educational platform open-sourced by ClassroomIO. A security vulnerability exists in ClassroomIO.com version 0.1.13, which originates in stored cross-site scripting and could allow an authenticated attacker to execute arbitrary code via a specially crafted SVG profile pictur...

CVE-2025-65675

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures...

Unsupervised Anomaly Detection for Smart IoT Devices: Performance and Resource Comparison

The rapid expansion of Internet of Things IoT deployments across diverse sectors has significantly enhanced operational efficiency, yet concurrently elevated cybersecurity vulnerabilities due to increased exposure to cyber threats. Given the limitations of traditional signature-based Anomaly...

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the v128.store instruction. An attacker can cause a segmentation fault and disrupt normal execution by triggering improper handling of memory operations. Remediation A fix was...

EUVD-2025-199656

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4...

CVE-2025-64704

The CVE-2025-64704 affects the WebAssembly Micro Runtime (WAMR) prior to version 2.4.4. The root cause is a segmentation fault in the v128.store instruction, leading to potential crashes or disruption of execution when processing Wasm code. The issue has been patched in WAMR 2.4.4, so upgrading t...

kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report()

A buffer underwrite vulnerability exists in the linux kernel in the function skbunderpanic in ip6mrcachereport, leading to an attacker, via crafting a payload, could result in damage to system availability and integrity...

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

CVE-2025-41087

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

CVE-2025-41087 Cross-Site Scripting (XSS) stored in Taclia's web application

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

CVE-2025-41087 Cross-Site Scripting (XSS) stored in Taclia's web application

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

Taclia Web Application 跨站脚本漏洞

Taclia Web Application is a billing and business management platform from Taclia Spain. A cross-site scripting vulnerability exists in the Taclia web application that stems from an uploaded SVG image that is not properly cleaned, which could lead to a stored cross-site scripting attack...

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

PT-2025-47947

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

Revive Adserver User Management System Design Insecurity Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver has a user...

EUVD-2025-198966

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...