3862 matches found
CVE-2025-50574
Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...
UBUNTU-CVE-2025-40086
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...
CVE-2025-50574
CVE-2025-50574 is an XSS vulnerability affecting the Glamour Salon Management System v1, specifically in the blog-details.php component. The issue arises from insufficient input filtering on the blog comment section parameter, allowing remote attackers to inject arbitrary script or HTML. Multiple...
CVE-2025-50574
Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...
PT-2025-44408
Name of the Vulnerable Software and Affected Versions Glamour Salon Management System version 1 Description A cross-site scripting XSS issue exists in the blog-details.php component. This allows remote attackers to inject arbitrary web script or HTML through the blog comment section parameter. Th...
JeecgBoot Path Traversal Vulnerability
JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has a path traversal vulnerability that stems from a path traversal vulnerability in the interface...
Glamour Salon Management System 安全漏洞
Glamour Salon Management System is a salon management system by the individual developer Hiruna Gallage. A security vulnerability exists in Glamour Salon Management System v1, which stems from the blog comment section parameter in blog-details.php not being filtered correctly, which could lead to...
Malicious Package
Overview jira-ticket-todo-comment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2025-36808
Malicious code in jira-ticket-todo-comment npm...
Malicious code in jira-ticket-todo-comment (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 37f93f4caecf2a8d9f056f2b72cb51b1905579bf89bf8c1e994e68028c24d2c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36523
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...
CVE-2025-34314
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...
CVE-2025-34314 IPFire < v2.29 Stored XSS via Time Constraint Rule URL Filter
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...
ROS-20251028-09
A vulnerability in the Java library for JSON-lib bean-component conversion is related to improper handling unbalanced comment strings. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
PT-2025-44173
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description The software contains a stored cross-site scripting XSS issue that allows an authenticated attacker to inject arbitrary JavaScript code. This is achieved by manipulating the SRC, DST, a...
CVE-2025-60859
Cross Site Scripting XSS vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...
CVE-2025-60859
Cross Site Scripting XSS vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...
CVE-2025-60859
Cross Site Scripting XSS vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...
CVE-2025-60859
Cross Site Scripting XSS vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...
IBM DOORS Next Generation multiple vulnerabilities
RISK EVALUATION IBM Engineering Requirements Management DOORS contains multiple vulnerabilities that require authentication. These vulnerabilities include the ability to cause an application denial of service and JavaScript execution in the victim's browser through stored cross site scripting...