201 matches found
CVE-2025-27379
A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...
CVE-2025-27379 Stored Cross-Site Scripting in AES BOM Viewer
A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...
CVE-2025-27379 Stored Cross-Site Scripting in AES BOM Viewer
A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...
CVE-2025-27379
CVE-2025-27379 affects the BOM Viewer in Altium AES 7.0.3. A stored XSS vulnerability allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content. The issue is tied to the Description...
PT-2026-3895
A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...
XML External Entity (XXE) Injection
cyclonedx-core-java is vulnerable to XML External Entity XXE injection. The vulnerability is due to an insecurely configured XML Validator, where external entity processing was not fully disabled during XML validation, allowing attackers to supply a crafted CycloneDX XML BOM that triggers externa...
GHSA-FXMW-JCGR-W44V pgadmin4 has a Meta-Command Filter Command Execution
The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...
cyclonedx-core-java: CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
An XML External Entity XXE injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed XXE, allowing an attacker to...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.1 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.4 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
Cross-site Scripting (XSS)
com.liferay.portal, release.portal.bom is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient sanitization of rich text form fields, which allows an attacker to inject a crafted payload that is later rendered in the browser and executes arbitrary web script or HTML...
CVE-2025-64518
An XML External Entity XXE injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed XXE, allowing an attacker to...
Spring gRPC Next Steps for 1.0.0
This is a new blog post in the Road to GA series, this time updating everyone on the plans to integrate Spring gRPC with Spring Boot 4. The original plan was to move the autoconfiguration from Spring gRPC into Spring Boot in time for the 4.0 release. Unfortunately we haven't been able to find the...
CVE-2025-64518
CVE-2025-64518 affects CycloneDX core (Java). From 2.1.0 up to but excluding 11.0.1, the XML Validator in cyclonedx-core-java was insecurely configured, enabling XML External Entity (XXE) injection. The issue is tied to incomplete mitigation that fixed parsing but not validation (GHSA-683x-4444-j...
CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...
CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...
GHSA-6FHJ-VR9J-G45R CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
Impact The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity XXE injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches The...
CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
Impact The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity XXE injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches The...
GHSA-QH38-484V-W52X vulnerabilities
Vulnerabilities for packages: kubescape-operator, kratos, cert-manager-cmctl, iptables-wrappers, aws-signer-notation-plugin, neuvector-sigstore-interface, govulncheck, kapp, portieris, speedtest-go, stern, hivemind, kubernetes-csi-driver-hostpath, secrets-store-csi-driver, ipfs-cluster, cargobump...
CVE-2025-58188 vulnerabilities
Vulnerabilities for packages: kubescape-operator, kratos, cert-manager-cmctl, iptables-wrappers, aws-signer-notation-plugin, neuvector-sigstore-interface, govulncheck, kapp, portieris, speedtest-go, stern, hivemind, kubernetes-csi-driver-hostpath, secrets-store-csi-driver, ipfs-cluster, cargobump...