8493 matches found
CVE-2025-62265
Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...
CVE-2025-62265
Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...
CVE-2025-62265
CVE-2025-62265 is an XSS vulnerability in the Blogs widget of Liferay Portal and Liferay DXP, exploitable via a crafted iframe injected into a blog entry’s Content text field. The issue stems from the Blogs widget not adding a sandbox attribute to iframe elements, allowing remote attackers to run...
CVE-2025-62265
Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...
CVE-2025-62265
Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...
USN-7852-1 libxml2 vulnerability
It was discovered that libxslt, used by libxml2, incorrectly handled certain attributes. An attacker could use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This update adds a fix to libxml2 to mitigate the libxslt vulnerability...
PT-2025-44448
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 Liferay Portal versions 7.3 GA through update 36 Liferay DXP versions 7.4 GA through update 92 Description A cross-site scripting XSS issue exist...
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
XSSy.uk-Solve-lab-Notes
XSS Lab Solutions Source: https://xssy.uk/allLabs --- No...
CVE-2025-40068 fs: ntfs3: Fix integer overflow in run_unpack()
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...
CVE-2025-62921
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS.This issue affects Bulk Auto Image Title Attribute: from n/a through = 2.0.1...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not verifying that the $BITMAP attribute is null, which could lead to improper index allocation...
RockyLinux 9 : thunderbird (RLSA-2025:18321)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:18321 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textur...
EUVD-2025-36019
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS.This issue affects Bulk Auto Image Title Attribute: from n/a through = 2.0.1...
CVE-2025-62921 WordPress Bulk Auto Image Title Attribute plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS.This issue affects Bulk Auto Image Title Attribute: from n/a through = 2.0.1...
CVE-2025-62921
CVE-2025-62921 is a DOM-based XSS vulnerability in the WordPress plugin Bulk Auto Image Title Attribute (bulk-image-title-attribute)
CVE-2025-62921 WordPress Bulk Auto Image Title Attribute plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS.This issue affects Bulk Auto Image Title Attribute: from n/a through = 2.0.1...
PT-2025-43798
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS.This issue affects Bulk Auto Image Title Attribute: from n/a through = 2.0.1...
WordPress plugin Bulk Auto Image Title Attribute 安全漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-38599)
jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren't split into parts and spread across multiple eraseblocks, which means...