14 matches found
CVE-2026-3343
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...
Server-side Request Forgery (SSRF)
Overview io.spinnaker.orca:orca-clouddriver is a Spinnaker Orca Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via improper restrictions on user-supplied URLs when fetching data. An attacker can access internal resources, extract sensitive authentication data...
EUVD-2025-201303
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 ...
CVE-2025-13936 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology Integration Configuration
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 ...
PT-2025-49156
Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.11.4; WatchGuard Fireware OS versions 12.5 through 12.5.13; WatchGuard Fireware OS versions 2025.1 through 2025.1.2. Description: An out-of-bounds write issue exists in the Command Line Interface (CLI)...
VulnCheck KEV: CVE-2025-34141
A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...
Sophos Intercept X Security Vulnerability
Sophos Intercept X is an endpoint protection product from Sophos UK. It protects against unknown malware, exploits and ransomware. A security vulnerability exists in Sophos Intercept X 2025.1 and prior versions, which stems from a local elevation of privilege and could lead to the execution of arbitrary...
CVE-2025-43566
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security...
CVE-2025-43559
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and...
MicroDicom DICOM Viewer Buffer Error Vulnerability
MicroDicom DICOM Viewer is a lightweight and easy-to-use application from MicroDicom, Inc. for processing and viewing medical images in DICOM format. A buffer error vulnerability exists in MicroDicom DICOM Viewer 2025.1 Build 3321 and prior versions, which originates from an out-of-bounds write a...
MicroDicom DICOM Viewer Buffer Error Vulnerability
MicroDicom DICOM Viewer is a lightweight and easy-to-use application from MicroDicom, Inc. for processing and viewing medical images in DICOM format. A buffer error vulnerability exists in MicroDicom DICOM Viewer 2025.1 Build 3321 and prior versions, which originates from an out-of-bounds read an...
CVE-2025-29932
In JetBrains GoLand before 2025.1 an XXE during debugging was possible...
MicroDicom DICOM Viewer Buffer Error Vulnerability
MicroDicom DICOM Viewer is a lightweight and easy-to-use application from MicroDicom, Inc. for processing and viewing medical images in DICOM format. A buffer error vulnerability exists in MicroDicom DICOM Viewer version 2025.1 Build 3321, which stems from an unknown function in the file mDicom.e...
PT-2025-6196 · Mentor Graphics · Modelsim +1
Name of the Vulnerable Software and Affected Versions: ModelSim versions prior to V2025.1; Questa versions prior to V2025.1. Description: A vulnerability has been identified that allows an authenticated local attacker to inject arbitrary code and escalate privileges. This is possible because an...