SUSE CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

📄 Microchip TimeProvider 4100 Grandmaster 2.4.6 Cross Site Scripting

Microchip TimeProvider 4100 Grandmaster version 2.4.6 suffers from a persistent cross site scripting vulnerability. Exploit Title: Microchip TimeProvider 4100 Grandmaster banner - Stored XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero,...

DEBIAN-CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

UBUNTU-CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVE-2025-3155

CVE-2025-3155 is a documented flaw in Yelp (GNOME Help) where help documents can execute arbitrary scripts, enabling potential exfiltration of user files. The connected advisories corroborate that this affects the Yelp/Yelp-xsl components across multiple distributions (e.g., Debian, Red Hat-deriv...

CVE-2025-29412

A cross-site scripting XSS vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

CVE-2025-26127

A stored cross-site scripting XSS vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

tuned security update

An update is available for tuned. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The tuned packages provide a service that tunes system settings according to a...

RLSA-2024:10384 Important: tuned security update

The tuned packages provide a service that tunes system settings according to a selected profile. Security Fixes: tuned: scriptpre and scriptpost options allow to pass arbitrary scripts executed by root CVE-2024-52336 tuned: improper sanitization of instancename parameter of the instancecreate...

CVE-2025-26127

A stored cross-site scripting XSS vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2025-26127

FileCloud v23.241.2 contains a stored XSS in the Send for Approval feature. The vulnerability allows an attacker to execute arbitrary web scripts or HTML in the victim’s browser via a crafted payload. CVSSv3.1 base score 5.0 (medium); vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. No explicit explo...

CVE-2024-55060

A cross-site scripting XSS vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2025-25908

A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...

CVE-2024-50705

Unauthenticated reflected cross-site scripting XSS vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter...

CVE-2024-50705

Unauthenticated reflected cross-site scripting XSS vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter...

CVE-2025-25818

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at articlesave.php...

CVE-2025-0918

The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVE-2024-13465

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specifically in the "markerView" attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This mak...

CVE-2025-26158

A Stored Cross-Site Scripting XSS vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter...

CVE-2025-26158

A Stored Cross-Site Scripting XSS vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter...