57328 matches found
CVE-2025-11004 Reflected XSS vulnerability in Simplicity Device Manager tool
The Simplicity Device Manager Tool has a reflected cross-site scripting (XSS) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device...
CVE-2025-11004
The vulnerability CVE-2025-11004 is a reflected XSS in several API endpoints of the Simplicity Device Manager Tool. An attacker on the same network can exploit the issue, potentially affecting confidentiality, integrity, and availability of the system hosting the tool. The CVSS v4.0 vector indica...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: gcsfuse, docker, ghaudit, k8ssandra-operator, crossplane-provider-gcp-fips, gops-fips, cloud-sql-proxy, kube-fluentd-operator, kubernetes-csi-external-attacher, nvidia-container-toolkit-fips, qemu-guesthelper, s5cmd, cilium-certgen, docker-compose, xcover,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: gcsfuse, k8ssandra-operator, ghaudit, crossplane-provider-gcp-fips, kubernetes-csi-external-attacher, cloud-sql-proxy, kube-fluentd-operator, s5cmd, qemu-guesthelper, cilium-certgen, docker-compose, gogatekeeper, thanos, crossplane-provider-family-aws-fips,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: gcsfuse, docker, ghaudit, k8ssandra-operator, crossplane-provider-gcp-fips, gops-fips, cloud-sql-proxy, kube-fluentd-operator, kubernetes-csi-external-attacher, nvidia-container-toolkit-fips, qemu-guesthelper, s5cmd, cilium-certgen, docker-compose, xcover,...
CVE-2025-11142
The VAPIX API mediaclip.cgi did not have sufficient input validation, allowing for possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account...
CVE-2025-11142
The CVE-2025-11142 vulnerability affects the VAPIX API mediaclip.cgi and arises from insufficient input validation, enabling potential remote code execution. Exploitation requires authentication with an operator- or administrator-privileged service account, and the impact is rated high (CVSSv3.1:...
CVE-2026-24321 Information Disclosure vulnerability in SAP Commerce Cloud
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does...
CVE-2026-2200
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...
SiYuan Path Traversal Vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.5 contained a path traversal vulnerability. This vulnerability stemmed from the use of case-sensitive string equality checks in the /api/file/getFile endpoint. In file systems tha...
PT-2026-7267
The Simplicity Device Manager Tool has a reflected cross-site scripting (XSS) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device...
Kanboard Security Vulnerability
Kanboard is a set of open-source visualization taskboards developed by Kanboard. This software allows for the customization of panels according to business needs. Versions of Kanboard prior to 1.2.50 contained security vulnerabilities. These vulnerabilities stemmed from the getSwimlane API method...
PT-2026-7419
Name of the Vulnerable Software and Affected Versions: FastGPT versions 4.14.0 through 4.14.5. Description: FastGPT, an AI Agent building platform, has an issue where the plugin system can be accessed directly through the API endpoint /api/plugin/xxx without authentication. This affects versions...
Siemens Siveillance Video Management Servers
Summary: The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve full access to Webhooks API. Siemens has released new versions for the affected products and recommends to...
Fedora 43 : cef (2026-792b1b7bbd)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-792b1b7bbd advisory. Update to Chromium 144.0.7559.109. CVE-2026-1504: Inappropriate implementation in Background Fetch API. Tenable has extracted the preceding description block...
KLA90880 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in CSS can be exploited to cause denial of service or execute...
@cubejs-backend/server (>=1.5.0 <=1.5.12), @cubejs-backend/server-core (>=1.5.0 <=1.5.12) +1 more potentially affected by CVE-2026-25958 via @cubejs-backend/api-gateway (>=1.5.0 <=1.5.12)
@cubejs-backend/api-gateway NPM version =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.12 Source cves: CVE-2026-25958 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265447...
@codefresh-io/cubejs-backend-server-core (>=0.30.77 <=0.35.47-rc.bp.2), @cubejs-backend-json-clone/server (=1.0.0) +15 more potentially affected by CVE-2026-25958 via @cubejs-backend/api-gateway (>=0.27.53 <=1.0.12)
@cubejs-backend/api-gateway NPM version =0.27.53, =0.30.77, =0.3.1, =0.3.1, =0.3.1, =0.8.0, =0.8.0, =0.32.28, =0.29.4, =1.0.0, =0.27.30, =0.30.61, =0.32.0, =0.33.8 and more Source cves: CVE-2026-25958 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265447...
@cubejs-backend/server (>=1.1.0 <=1.4.0), @cubejs-backend/server-core (>=1.1.0 <=1.4.0) +2 more potentially affected by CVE-2026-25958 via @cubejs-backend/api-gateway (>=1.1.0 <=1.4.0)
@cubejs-backend/api-gateway NPM version =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.4.0 - cubejs-backend-server-core-fork =1.1.3 Source cves: CVE-2026-25958 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265447...
@cubejs-backend/server (>=1.5.0 <=1.5.12), @cubejs-backend/server-core (>=1.5.0 <=1.5.12) +1 more potentially affected by CVE-2026-25957 via @cubejs-backend/api-gateway (>=1.5.0 <=1.5.12)
@cubejs-backend/api-gateway NPM version =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.12 Source cves: CVE-2026-25957 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265448...