36 matches found

RedhatCVE
added 2026/04/14 7:23 p.m. · 1 view

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system, from v8.3.0 up to and including v8.3.1, allows an authenticated attacker with the lowest privileges (sufficient only to log in) to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...

CVSS 5.4 · AI score 5.9 · EPSS 0.0001
Exploits: 1 · References: 1
Positive Technologies
added 2026/04/13 12:00 a.m. · 2 views

PT-2026-32381

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system, from v8.3.0 up to and including v8.3.1, allows an authenticated attacker with the lowest privileges (sufficient only to log in) to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...

AI score 5.9 · EPSS 0.0001
Exploits: 1 · References: 5
CNNVD
added 2026/04/13 12:00 a.m. · 1 view

Snipe-IT security vulnerability

Snipe-IT is an open-source IT asset/license management system developed by Grokability. Versions of Snipe-IT from v8.3.0 to v8.3.1 contain a security vulnerability. It stems from insufficient input validation for the Name and Surname fields, which may lead to cross-site...

CVSS 5.4 · AI score 5.6 · EPSS 0.0001
Exploits: 1 · References: 5
CVE
added 2026/04/13 12:00 a.m. · 2 views

CVE-2025-63743

Snipe-IT web-based asset management system (v8.3.0–v8.3.1) is affected by an authenticated stored XSS: an attacker with login privileges can inject JavaScript via the Name/Surname fields, executed when the Activity Report or a profile is viewed if Display Name is not set. The issue is fixed in v8...

CVSS 5.4 · AI score 5.9 · EPSS 0.0001
Exploits: 1 · References: 4
RedhatCVE
added 2026/02/11 1:33 a.m. · 5 views

CVE-2026-25761

Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...

CVSS 8.8 · AI score 6.1 · EPSS 0.00043
Exploits: 0 · References: 1
NVD
added 2026/02/09 9:15 p.m. · 3 views

CVE-2026-25761

Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...

CVSS 8.8 · EPSS 0.00043
Exploits: 0 · References: 2
Vulnrichment
added 2026/02/09 8:27 p.m. · 2 views

CVE-2026-25761 Command injection via crafted filenames in Super-linter Action

Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...

CVSS 8.8 · AI score 6.1 · EPSS 0.00043
Exploits: 0 · References: 2
OSV
added 2026/02/09 8:27 p.m. · 2 views

CVE-2026-25761 Command injection via crafted filenames in Super-linter Action

Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...

CVSS 8.8 · AI score 6.1 · EPSS 0.00043
Exploits: 0 · References: 4
Positive Technologies
added 2026/02/09 12:00 a.m. · 1 view

PT-2026-7152

Name of the Vulnerable Software and Affected Versions: Super-linter versions 6.0.0 through 8.3.0. Description: Super-linter is susceptible to command injection through specially crafted filenames. When used in GitHub Actions workflows, an attacker submitting a pull request with a file containing she...

CVSS 8.8 · AI score 5.9 · EPSS 0.00043
Exploits: 0 · References: 12
CNNVD
added 2026/01/29 12:00 a.m. · 2 views

SonarQube code issues and vulnerabilities

SonarQube is an open-source code inspection tool developed by Sonar. SonarQube version 8.3.1 has a code-related vulnerability. This vulnerability stems from the lack of quotation marks around service paths, which may allow local attackers to gain SYSTEM privileges...

CVSS 8.5 · AI score 5.9 · EPSS 0.00023
Exploits: 0 · References: 3
CNNVD
added 2025/10/26 12:00 a.m. · 1 view

WordPress plugin WP Full Pay SQL injection vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it can set up personal blog sites on PHP- and MySQL-based servers. The WordPress plugin is an application plugin. A SQL...

CVSS 7.5 · AI score 7.5 · EPSS 0.001
Exploits: 0 · References: 3
Positive Technologies
added 2025/10/25 12:00 a.m. · 3 views

PT-2025-43728

Name of the Vulnerable Software and Affected Versions: Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress, versions up to and including 8.3.1. Description: The Stripe Payment Forms plugin for WordPress is susceptible to SQL Injection due ...

CVSS 7.5 · AI score 7 · EPSS 0.001
Exploits: 0 · References: 9
CNNVD
added 2025/07/04 12:00 a.m. · 2 views

Ergon Informatik AG Airlock IAM security vulnerability

Ergon Informatik AG Airlock IAM is a secure access management system from Ergon Informatik AG, Switzerland. A security vulnerability exists in Ergon Informatik AG Airlock IAM; it stems from a difference in password reset response time and could lead to username enumeration. The following versions are...

CVSS 6.9 · AI score 6.7 · EPSS 0.00514
Exploits: 0 · References: 2
Vulnrichment
added 2025/06/12 7:59 a.m. · 4 views

CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)

ONLYOFFICE Docs DocumentServer in versions 8.3.1 and below is affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...

AI score 5.9 · EPSS 0.04975
Exploits: 1 · References: 2
RedhatCVE
added 2025/05/23 2:15 a.m. · 6 views

CVE-2023-3627

Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1...

CVSS 8.8 · AI score 7 · EPSS 0.00093
Exploits: 1 · References: 1
vulnersOsv
added 2025/02/03 10:34 p.m. · 2 views

bulk-release (=2.15.30), zx-bulk-release (=2.15.30) +1 more potentially affected by CVE-2025-24959 via zx (=8.3.1)

zx NPM version =8.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on zx and may be impacted:
- bulk-release =2.15.30
- zx-bulk-release =2.15.30
- zx-extra =3.0.28
Source CVEs: CVE-2025-24959. Source advisory: OSV:GHSA-QWP8-X4FF-5H87...

CVSS 1 · AI score 5.8 · EPSS 0.00056
Exploits: 0
OSV
added 2025/02/03 10:34 p.m. · 2 views

GHSA-QWP8-X4FF-5H87 ZX Allows Environment Variable Injection for dotenv API

Impact: This vulnerability is an Environment Variable Injection issue in dotenv.stringify, affecting google/zx version 8.3.1. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or...

CVSS 5.2 · AI score 5.8 · EPSS 0.00056
Exploits: 0 · References: 6
CNNVD
added 2025/02/03 12:00 a.m. · 2 views

zx code injection vulnerability

zx is a Google open-source tool for writing scripts. A code injection vulnerability exists in zx version 8.3.1; it stems from an environment variable injection flaw that can lead to command execution or abnormal behavior...

CVSS 1 · AI score 7.3 · EPSS 0.00056
Exploits: 0 · References: 2
OpenVAS
added 2024/04/18 12:00 a.m. · 18 views

Oracle MySQL Server 8.x <= 8.0.34, 8.1.x <= 8.3.0 Security Update (cpuapr2024) - Linux

Oracle MySQL Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 5.5 · AI score 5 · EPSS 0.0014
Exploits: 0 · References: 2
Positive Technologies
added 2024/02/05 12:00 a.m. · 4 views

PT-2024-15568 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress, versions up to and including 8.3.1. Description: The issue is Stored Cross-Site Scripting via the plugin's widget URL parameters, due to insufficient input sanitization and output...

CVSS 6.4 · AI score 5.7 · EPSS 0.00254
Exploits: 0 · References: 9