Lucene search
K

201 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/22 1:17 a.m.2 views

CVE-2025-27379

A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...

6.8CVSS5.2AI score0.00201EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/22 1:17 a.m.2 views

CVE-2025-27379 Stored Cross-Site Scripting in AES BOM Viewer

A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...

6.8CVSS5.3AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 1:17 a.m.24 views

CVE-2025-27379 Stored Cross-Site Scripting in AES BOM Viewer

A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...

6.8CVSS0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 1:17 a.m.14 views

CVE-2025-27379

CVE-2025-27379 affects the BOM Viewer in Altium AES 7.0.3. A stored XSS vulnerability allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content. The issue is tied to the Description...

6.8CVSS5.3AI score0.00201EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.7 views

PT-2026-3895

A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...

6.8CVSS5.3AI score0.00201EPSS
Exploits0References2
Veracode
Veracode
added 2025/12/13 4:29 a.m.7 views

XML External Entity (XXE) Injection

cyclonedx-core-java is vulnerable to XML External Entity XXE injection. The vulnerability is due to an insecurely configured XML Validator, where external entity processing was not fully disabled during XML validation, allowing attackers to supply a crafted CycloneDX XML BOM that triggers externa...

7.5CVSS5.5AI score0.00359EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/12/11 9:31 p.m.4 views

GHSA-FXMW-JCGR-W44V pgadmin4 has a Meta-Command Filter Command Execution

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...

9.1CVSS7.8AI score0.00866EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/12/04 11:30 a.m.4 views

cyclonedx-core-java: CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

An XML External Entity XXE injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed XXE, allowing an attacker to...

7.5CVSS5.7AI score0.00359EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/12/04 11:30 a.m.9 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.1 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

7.5CVSS7.1AI score0.00359EPSS
Exploits0References82
RedHat Linux
RedHat Linux
added 2025/12/01 9:2 p.m.8 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.4 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

7.5CVSS7.1AI score0.00359EPSS
Exploits0References15
Veracode
Veracode
added 2025/11/26 7:45 a.m.6 views

Cross-site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient sanitization of rich text form fields, which allows an attacker to inject a crafted payload that is later rendered in the browser and executes arbitrary web script or HTML...

6.1CVSS6.2AI score0.00224EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2025/11/12 2:3 p.m.20 views

CVE-2025-64518

An XML External Entity XXE injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed XXE, allowing an attacker to...

7.5CVSS7.2AI score0.00589EPSS
Exploits0References8
Spring Security Advisories
Spring Security Advisories
added 2025/11/11 12:0 a.m.26 views

Spring gRPC Next Steps for 1.0.0

This is a new blog post in the Road to GA series, this time updating everyone on the plans to integrate Spring gRPC with Spring Boot 4. The original plan was to move the autoconfiguration from Spring gRPC into Spring Boot in time for the 4.0 release. Unfortunately we haven't been able to find the...

7AI score
Exploits0
CVE
CVE
added 2025/11/10 10:8 p.m.51 views

CVE-2025-64518

CVE-2025-64518 affects CycloneDX core (Java). From 2.1.0 up to but excluding 11.0.1, the XML Validator in cyclonedx-core-java was insecurely configured, enabling XML External Entity (XXE) injection. The issue is tied to incomplete mitigation that fixed parsing but not validation (GHSA-683x-4444-j...

7.5CVSS7.4AI score0.00359EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/10 10:8 p.m.5 views

CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

7.5CVSS7.4AI score0.00359EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/10 10:8 p.m.12 views

CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

7.5CVSS0.00359EPSS
Exploits0References5
OSV
OSV
added 2025/11/10 9:4 p.m.3 views

GHSA-6FHJ-VR9J-G45R CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

Impact The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity XXE injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches The...

7.5CVSS5.7AI score0.00359EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/11/10 9:4 p.m.16 views

CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

Impact The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity XXE injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches The...

7.5CVSS7.4AI score0.00359EPSS
Exploits0References7Affected Software1
Wolfi
Wolfi
added 2025/11/02 2:17 p.m.7 views

GHSA-QH38-484V-W52X vulnerabilities

Vulnerabilities for packages: kubescape-operator, kratos, cert-manager-cmctl, iptables-wrappers, aws-signer-notation-plugin, neuvector-sigstore-interface, govulncheck, kapp, portieris, speedtest-go, stern, hivemind, kubernetes-csi-driver-hostpath, secrets-store-csi-driver, ipfs-cluster, cargobump...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2025/11/02 2:17 p.m.11 views

CVE-2025-58188 vulnerabilities

Vulnerabilities for packages: kubescape-operator, kratos, cert-manager-cmctl, iptables-wrappers, aws-signer-notation-plugin, neuvector-sigstore-interface, govulncheck, kapp, portieris, speedtest-go, stern, hivemind, kubernetes-csi-driver-hostpath, secrets-store-csi-driver, ipfs-cluster, cargobump...

7.5CVSS7AI score0.00361EPSS
Exploits0
Rows per page
Query Builder