
5519 matches found

Veracode
added 2025/12/13 7:35 a.m. | 7 views

Improper Cache Control

tutor is vulnerable to Improper Cache Control. The vulnerability is due to the absence of proper cache-control HTTP headers and client-side session checks, which allows an attacker to access sensitive information through cached or improperly validated sessions...

CVSS 3.3 | AI score 5.8 | EPSS 0.00192
Exploits 0 | References 3 | Affected Software 1

EUVD
added 2025/12/11 12:30 a.m. | 3 views

EUVD-2024-55313

Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performi...

CVSS 5.3 | AI score 5.6 | EPSS 0.00213
Exploits 1 | References 5

EUVD
added 2025/12/10 9:31 p.m. | 4 views

EUVD-2025-202521

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5 | EPSS 0.00205
Exploits 0 | References 2

Positive Technologies
added 2025/12/10 12:0 a.m. | 5 views

PT-2025-50534

Name of the Vulnerable Software and Affected Versions: Chyrp version 2.5.2. Description: An authenticated user can inject malicious scripts into post titles. This is a stored cross-site scripting issue. An attacker can create payloads within the title field that will execute when a post is viewed by...

CVSS 5.3 | AI score 5.8 | EPSS 0.00213
Exploits 1 | References 6

RedhatCVE
added 2025/12/09 9:35 p.m. | 3 views

CVE-2025-36102

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVSS 2.7 | AI score 6.6 | EPSS 0.0019
Exploits 0 | References 1

RedhatCVE
added 2025/12/09 8:26 p.m. | 4 views

CVE-2025-65271

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...

CVSS 8.8 | AI score 8.1 | EPSS 0.00359
Exploits 2 | References 1

NVD
added 2025/12/09 6:15 p.m. | 3 views

CVE-2025-62466

Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | EPSS 0.00364
Exploits 0 | References 1

EUVD
added 2025/12/09 6:11 p.m. | 4 views

EUVD-2025-202183

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...

CVSS 7.1 | AI score 6.2 | EPSS 0.00374
Exploits 0 | References 4

CVE
added 2025/12/09 5:55 p.m. | 24 views

CVE-2025-62466

CVE-2025-62466: Windows Client-Side Caching (CSC) Service contains a null pointer dereference vulnerability that allows an authenticated local attacker to escalate privileges. The issue is tied to CSC on Windows and is listed in multiple advisories as a privilege-elevation vulnerability affecti...

CVSS 7.8 | AI score 6.5 | EPSS 0.00364
Exploits 0 | References 1 | Affected Software 14

EUVD
added 2025/12/09 5:55 p.m. | 2 views

EUVD-2025-202251

Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 6.4 | EPSS 0.00364
Exploits 0 | References 2

Vulnrichment
added 2025/12/09 5:55 p.m. | 1 views

CVE-2025-62466 Windows Client-Side Caching Elevation of Privilege Vulnerability

...

CVSS 7.8 | AI score 6.6 | EPSS 0.00364
Exploits 0 | References 1

Cvelist
added 2025/12/09 5:55 p.m. | 21 views

CVE-2025-62466 Windows Client-Side Caching Elevation of Privilege Vulnerability

...

CVSS 7.8 | EPSS 0.00364
Exploits 0 | References 1

EUVD
added 2025/12/09 12:31 a.m. | 3 views

EUVD-2025-201817

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVSS 2.7 | AI score 6.1 | EPSS 0.0019
Exploits 0 | References 2

Kaspersky
added 2025/12/09 12:0 a.m. | 8 views

KLA90811 Multiple vulnerabilities in Microsoft Product (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, spoof user interface, obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a...

CVSS 8.8 | AI score 9.4 | EPSS 0.02039
Exploits 5 | References 35

Tenable Nessus
added 2025/12/09 12:0 a.m. | 7 views

KB5071506: Windows Server 2008 R2 Security Update (December 2025)

The remote Windows host is missing security update 5071506. It is, therefore, affected by multiple vulnerabilities - Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. CVE-2025-62549 - Heap-based buffer...

CVSS 8.8 | AI score 6.6 | EPSS 0.02039
Exploits 5 | References 12

Tenable Nessus
added 2025/12/09 12:0 a.m. | 5 views

KB5071507: Windows Server 2008 Security Update (December 2025)

The remote Windows host is missing security update 5071507. It is, therefore, affected by multiple vulnerabilities - Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. CVE-2025-62549 - Null pointer...

CVSS 8.8 | AI score 6.6 | EPSS 0.02039
Exploits 5 | References 10

NVD
added 2025/12/08 10:15 p.m. | 4 views

CVE-2025-36102

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVSS 2.7 | EPSS 0.0019
Exploits 0 | References 1

OSV
added 2025/12/08 10:15 p.m. | 4 views

CVE-2025-36102

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVSS 2.7 | AI score 5.8 | EPSS 0.0019
Exploits 0 | References 1

CVE
added 2025/12/08 9:30 p.m. | 9 views

CVE-2025-36102

CVE-2025-36102 affects IBM Controller 11.1.0–11.1.1 and IBM Cognos Controller 11.0.0–11.0.1 FP6. The issue arises from client-side enforcement of server-side security, allowing a privileged user to bypass validation by passing user input into the application as trusted data. Impact described acro...

CVSS 2.7 | AI score 6.2 | EPSS 0.0019
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2025/12/08 9:30 p.m. | 18 views

CVE-2025-36102 IBM Controller Validation Bypass

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVSS 2.7 | EPSS 0.0019
Exploits 0 | References 1