1943 matches found
CVE-2025-53000 nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...
CVE-2025-14696
A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be...
EUVD-2025-203322
A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be...
Sixun Shanghui Business Management System 授权问题漏洞
Sixun Shanghui Business Management System is a group business management system from Sixun, a Chinese company. An authorization issue vulnerability exists in Sixun Shanghui Business Management System version 4.10.24.3, which stems from a weak password recovery issue in...
PT-2025-51184
A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be...
CVE-2025-67730
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...
CVE-2025-67730
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...
EUVD-2025-203048
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...
CVE-2025-67730 Frappe authenticated users can execute XSS through form description fields
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...
CVE-2025-67730
CVE-2025-67730 affects Frappe Learning Management System (LMS). Details across sources show that versions prior to 2.42.0 allow authenticated users to inject malicious HTML and JavaScript via description fields in the Job, Course, and Batch forms, leading to cross-site scripting (XSS). The issue ...
CVE-2025-67730 Frappe authenticated users can execute XSS through form description fields
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...
CVE-2025-67730 Frappe authenticated users can execute XSS through form description fields
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...
PT-2025-50902
Name of the Vulnerable Software and Affected Versions Frappe Learning Management System LMS versions prior to 2.42.0 Description Frappe Learning Management System LMS allows authenticated users to inject malicious HTML and JavaScript code through description fields within the Job, Course, and Bat...
Frappe Learning Management System 跨站脚本漏洞
Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe Learning Management System versions prior to 2.42.0, which stems from malicious HTML and JavaScript that can be injected into t...
CVE-2025-66433
HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...
Linux Distros Unpatched Vulnerability : CVE-2025-66433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Advanced Scanner A comprehensive command-line...
Exploit for Code Injection in Pivotal_Software Spring_Data_Commons
SpringBoot-Toolkit An interactive penetration-testing tool de...
CVE-2025-66559
Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...
CVE-2025-14012
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...