3319 matches found
PT-2025-44794
Name of the Vulnerable Software and Affected Versions: FairSketch Rise Ultimate Project Manager & CRM version 3.9.4. Description: A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization. This is due to missing authorization chec...
CVE-2025-63293
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...
Cross-site Scripting (XSS)
Overview: privatebin/privatebin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attachment_name parameter when attachments are enabled. An attacker can cause arbitra...
CVE-2025-62796
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename (attachment_name) when attachments are enabled. An attacker can modify attachment_name before encryption so that,...
CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename (attachment_name) when attachments are enabled. An attacker can modify attachment_name before encryption so that,...
CVE-2025-62796
CVE-2025-62796 concerns PrivateBin, where versions 1.7.7–2.0.1 allow persistent HTML injection via the unsanitized attachment_name when attachments are enabled. An attacker can modify the filename before encryption, causing unescaped HTML to be inserted near the file size hint after decryption, en...
PT-2025-44214
Name of the Vulnerable Software and Affected Versions: PrivateBin versions 1.7.7 through 2.0.1. Description: PrivateBin is an online pastebin designed to ensure the server has no knowledge of pasted data. Versions 1.7.7 through 2.0.1 are susceptible to persistent HTML injection. This occurs through ...
CVE-2025-58070
Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...
Multiple stored cross-site scripting vulnerabilities in Pleasanter
Overview: Pleasanter provided by Implem Inc. contains multiple stored cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in Preview for Attachments (CWE-79) - CVE-2025-58070; Stored cross-site scripting vulnerability in Body, Description and Comments (CWE-79) -...
CVE-2025-58070
CVE-2025-58070 affects Pleasanter: stored XSS in Preview for Attachments. Root cause is insecure handling in the attachment preview feature, enabling arbitrary script execution in a logged‑in user’s browser. Impact is user‑level (confidentiality/integrity not clearly affected beyond script execut...
EUVD-2025-35799
Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...
PT-2025-43579
Name of the Vulnerable Software and Affected Versions: Pleasanter (affected versions not specified). Description: Pleasanter has a stored cross-site scripting issue in the Preview for Attachments feature. This allows an attacker to execute an arbitrary script within the web browser of a logged-in user...
CVE-2025-53071
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Upload Attachments). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
EUVD-2025-35263
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Upload Attachments). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques
Introduction: Cyberthreats are constantly evolving, and email phishing is no exception. Threat actors keep coming up with new methods to bypass security filters and circumvent user vigilance. At the same time, established – and even long-forgotten – tactics have not gone anywhere; in fact, some ar...