8227 matches found
dify Cross-Site Scripting Vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A cross-site scripting vulnerability exists in dify, which stems from improper validation and cleanup of user input in the SVG markdown support and could lead to a stored cross-site scripting attack...
Inflectra SpiraTeam Security Vulnerability
Inflectra SpiraTeam is a project management software from Inflectra, Inc. It is used for the management and delivery of software development and testing projects. A security vulnerability exists in Inflectra SpiraTeam version 7.2.00, which stems from the fact that uploading specially crafted SVG...
Cross-site Scripting (XSS)
Overview: contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the uploadTo function in FileUpload.php. An attacker can execute scripts...
Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2025-1307)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for dpdk (EulerOS-SA-2025-1293)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-2495 Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center
Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the...
CVE-2025-30106
The CVE-2025-30106 entry concerns IROAD v9 dashcams that ship with hardcoded default credentials ("qwertyuiop") which cannot be changed by the user. The credential hardening absence enables an attacker within Wi‑Fi range to connect to the device’s network for sniffing. Public sources in the conne...
Contao Cross-Site Scripting Vulnerability
Contao is an open source content management system (CMS) developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao suffers from a cross-site scripting vulnerability that stems from the fact that users can upload SVG files...
Fedora: Security Advisory (FEDORA-2025-3110d5f423)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-1243)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-1228)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the igc_clean_tx_ring() function in the drivers/net/ethernet/intel/igc/igc_main.c file of the Linux kernel’s Ethernet adapter support driver allows an attacker to cause a service failure.
The vulnerability of the igc_clean_tx_ring function in the drivers/net/ethernet/intel/igc/igc_main.c file of the Linux kernel’s Ethernet adapter support module is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-1259)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2025-1250)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-8176
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
Cross-site Scripting (XSS)
Overview: modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of user-uploaded SVG files in the profile image upload feature. Authenticated users can upload SVG files containing malicious JavaScri...
WordPress WP SVG Upload plugin <= 1.0.0 - Author+ Stored XSS via SVG vulnerability
Author+ Stored XSS via SVG vulnerability discovered by Pierre Rudloff in WordPress Plugin WP SVG Upload versions <= 1.0.0...
SAP NetWeaver AS Java XSS (March 2025)
SAP NetWeaver Application Server for Java is affected by a cross-site scripting vulnerability: User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payload that gets stored and...
Fedora: Security Advisory (FEDORA-2025-a87bc329fe)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Multiple Vulnerabilities (KB5053594)
This host is missing an important security update according to Microsoft KB5053594 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...