Hot Chocolate 安全漏洞

Hot Chocolate is a backend runtime environment open source by ChilliCream. Versions prior to 12.22.7, 13.9.16, 14.3.1, and 15.1.14 of Hot Chocolate have security vulnerabilities. These vulnerabilities stem from the recursive parser’s lack of a recursion depth limit, which can lead to stack overfl...

📄 AVideo 14.3.1 Cross Site Scripting

AVideo version 14.3.1 suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : AVideo 14.3.1 XSS vulnerability | | Author : indoushka | | Tested on :...

CVE-2025-6033 Memory Corruption issue in XML_Serialize() in NI Circuit Design Suite

There is a memory corruption vulnerability due to an out of bounds write in XMLSerialize when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a...

PT-2025-40007

Name of the Vulnerable Software and Affected Versions NI Circuit Design Suite versions 14.3.1 and prior Description A memory corruption issue exists due to an out-of-bounds read in the DefaultFontOptions function when using the SymbolEditor within NI Circuit Design Suite. Successful exploitation...

CVE-2024-55488

A stored cross-site scripting XSS vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed...

PT-2025-3119

Name of the Vulnerable Software and Affected Versions Umbraco CMS version 14.3.1 Description A stored cross-site scripting XSS vulnerability in Umbraco CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This issue is only possible via authenticated users who have...

CVE-2024-47819 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...

CVE-2021-39878

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...

Cross site scripting

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...

CVE-2021-39878

Removed by vendor...

Design/Logic Flaw

A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications...

CVE-2018-6443

A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who...

DLA-128-1 sox - security update

Bulletin has no description...