1225 matches found
PT-2025-22515 · Wire · Wire-Webapp
Name of the Vulnerable Software and Affected Versions: wire-webapp versions 2025-05-14-production.0 through 2025-05-20-production.0 Description: The issue is related to a regression in the session invalidation process. When a user logs out of the Wire webapp, they could be automatically logged in...
CVE-2006-7187
Cross-site scripting (XSS) vulnerability in the showrecentsearches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable...
CVE-2006-7190
Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc...
CVE-2009-5049
WebApp JSP Snoop page XSS in jetty through 6.1.21...
CVE-2006-7186
cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927...
CVE-2006-7189
Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer...
CVE-2006-7188
The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable...
Trend Micro Apex Central modTMCM Unrestricted File Upload Vulnerability
This vulnerability allows remote attackers to upload arbitrary files on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modTMCM webapp widget. The issue results from the lack of proper validation of...
org.apereo.cas:cas-server-support-shell (=5.2.0-RC2), org.apereo.cas:cas-server-webapp (>=5.2.0 <=5.2.6) +3 more potentially affected by CVE-2025-3986 via org.apereo.cas:cas-server-core-configuration-metadata-repository (>=5.2.0-RC2 <=5.2.6)
org.apereo.cas:cas-server-core-configuration-metadata-repository MAVEN version =5.2.0-RC2, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.6 Source cves: CVE-2025-3986 Source advisory: OSV:GHSA-MVWQ-HCRJ-F5X9...
org.apereo.cas:cas-server-webapp (=6.0.0-RC4), org.apereo.cas:cas-server-webapp-jetty (=6.0.0-RC4) +2 more potentially affected by CVE-2025-3986 via org.apereo.cas:cas-server-core-configuration-metadata-repository (=6.0.0-RC4)
org.apereo.cas:cas-server-core-configuration-metadata-repository MAVEN version =6.0.0-RC4 is affected by a known vulnerability. The following packages have a transitive dependency on org.apereo.cas:cas-server-core-configuration-metadata-repository and may be impacted: -...
org.apereo.cas:cas-management-webapp (>=5.0.0 <=5.0.10) potentially affected by CVE-2025-3985 via org.apereo.cas:cas-management-webapp-support (>=5.0.0 <=5.0.9)
org.apereo.cas:cas-management-webapp-support MAVEN version =5.0.0, =5.0.0, =5.0.10 Source cves: CVE-2025-3985 Source advisory: OSV:GHSA-8RX4-FXQ5-VJ4V...
org.apereo.cas:cas-management-webapp (>=5.0.0 <=5.0.10) potentially affected by CVE-2025-3984 via org.apereo.cas:cas-management-webapp-support (>=5.0.0 <=5.0.9)
org.apereo.cas:cas-management-webapp-support MAVEN version =5.0.0, =5.0.0, =5.0.10 Source cves: CVE-2025-3984 Source advisory: OSV:GHSA-37PQ-893F-G7Q5...
org.apereo.cas:cas-management-webapp (>=5.0.0 <=5.0.10) potentially affected by CVE-2025-3984 via org.apereo.cas:cas-management-webapp-support (>=5.0.0 <=5.0.9)
org.apereo.cas:cas-management-webapp-support MAVEN version =5.0.0, =5.0.0, =5.0.10 Source cves: CVE-2025-3984 Source advisory: SNYK:JAVA-ORGAPEREOCAS-9893219...
org.apereo.cas:cas-management-webapp (>=5.0.0 <=5.0.10) potentially affected by CVE-2025-3985 via org.apereo.cas:cas-management-webapp-support (>=5.0.0 <=5.0.9)
org.apereo.cas:cas-management-webapp-support MAVEN version =5.0.0, =5.0.0, =5.0.10 Source cves: CVE-2025-3985 Source advisory: SNYK:JAVA-ORGAPEREOCAS-9893216...
CVE-2025-3984
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...
Apereo CAS security vulnerability
Apereo CAS is an open-source, web-based, multilingual enterprise single sign-on solution from Apereo. A security vulnerability exists in Apereo CAS version 5.2.6, which stems from the file cas-5.2.6\webapp-mgmt\cas-management-webapp-...
Malicious code in sprocket-webapp-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f5d57baf1c9d4921b97830956bc52be3915cbc7653c64569768d18c5583c845a The OpenSSF Package Analysis project identified 'sprocket-webapp-poc' @ 99.99.99 npm as malicious. It is considered malicious because: - The...
MAL-2025-3279 Malicious code in sprocket-webapp-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f5d57baf1c9d4921b97830956bc52be3915cbc7653c64569768d18c5583c845a The OpenSSF Package Analysis project identified 'sprocket-webapp-poc' @ 99.99.99 npm as malicious. It is considered malicious because: - The...
opencms security vulnerability
opencms is a CMS system of fumiao individual developer. A security vulnerability exists in opencms V2.3, which originates from the file src/main/webapp/view/admin/document/dataPage.jsp being read by an arbitrary file...
Malicious code in tiktok_4d_webapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee7b2f7d0a2a643de495f8b050981233231b51ed49c2dabb3e2de7b908b9fa7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...