2786 matches found
CVE-2025-14007
A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high...
CVE-2025-14007 dayrui XunRuiCMS Domain Name Binding admin79f2ec220c7e.php cross site scripting
A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high...
CVE-2025-14007 dayrui XunRuiCMS Domain Name Binding admin79f2ec220c7e.php cross site scripting
A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high...
CVE-2025-14007
CVE-2025-14007 affects dayrui XunRuiCMS up to v4.7.1. Affected component: the Domain Name Binding Page, specifically the file path /admin79f2ec220c7e.php?c=api&m=demo&name=mobile. Root cause described as incorrect handling/manipulation in that page, resulting in cross-site scripting. Attacker can...
XunRuiCMS 代码注入漏洞
XunRuiCMS XunRuiCMS is a content management system for individual developers of XunRuiCMS. A code injection vulnerability exists in XunRuiCMS 4.7.1 and earlier versions, which stems from incorrect manipulation of the component Domain Name Binding Page in the file /admin79f2ec220c7e.php, which cou...
PT-2025-49029
Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.7.1 Description A cross site scripting issue exists in dayrui XunRuiCMS. The issue is located in the Domain Name Binding Page, specifically within the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile. The...
Exploit for CVE-2025-55182
CVE-2025-55182 and CVE-2025-66478 Technical Analysis of Ar...
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
India's Department of Telecommunications DoT has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's mobile number. To that end, messaging apps like WhatsApp, Telegram, Snapchat, Arattai,...
Authorization Bypass Through User-Controlled Key
Overview chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing authorization check when binding a WebSocket session to a user-supplied threadId. An attacker can exploit this weakness by providin...
GHSA-V4HV-RGFQ-GP49 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...
Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...
EUVD-2025-175330
Keycloak has debug default bind address...
Security Bulletin: Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services (CVE-2025-22233, CVE-2024-38820)
Summary Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services CVE-2025-22233, CVE-2024-38820. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase...
Command Injection
Overview fugue is an An abstraction layer for distributed computation Affected versions of this package are vulnerable to Command Injection via the decode function, which invokes cloudpickle.loads on untrusted data. An attacker can execute arbitrary code on the server by sending specially crafted...
Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
Summary The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the decode function in fugue/rpc/flask.py directly uses cloudpickle.loads to deserialize data without any sanitization. This...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-13223link is external Google Chromium V8 Type Confusion Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and...
Binding to an Unrestricted IP Address
Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address due to the insecure default binding of the Java Debug Wire Protocol JDWP port to all network interfaces when debug mode is enabled. An attacker can gain unauthorized access to the Java virtual machi...
Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to...
SUSE SLES12 Security Update : kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2025:4058-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4058-1 advisory. This update for the SUSE Linux Enterprise kernel 4.12.14-122.269 fixes various security issues The following security issues were fixed: -...
SUSE SLES15 Security Update : kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2025:4062-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4062-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.116 fixes various security issues The following security issues were fixed: ...