CVE-2025-50574
Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...
CVE-2025-61196
CVE-2025-61196 affects BusinessNext CRMnext v10.8.3.0. The issue enables remote code execution via the comments input parameter due to improper handling of that input. Multiple sources (Red Hat, NVD, NVD mirrors, EUVD, CNNVD, CVE list) corroborate the vulnerability across the same product/version...
UBUNTU-CVE-2025-47912
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames mus...
uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...
GHSA-PQHF-P39G-3X64 uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...
PT-2025-48544
Name of the Vulnerable Software and Affected Versions Mattermost versions 11.0.0 through 11.0.2 Mattermost versions 10.5.0 through 10.5.12 Mattermost versions 10.11.0 through 10.11.4 Mattermost versions 10.12.0 through 10.12.1 Description The software does not properly check user permissions when...
EUVD-2025-36091
Malicious code in eslint-comments (npm)...
Malicious code in eslint-comments (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9b884dae745a33568d094bb6b65f967284aa6b3c41a44f0cd80010c56d840eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview eslint-comments is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-48775 Malicious code in eslint-comments (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9b884dae745a33568d094bb6b65f967284aa6b3c41a44f0cd80010c56d840eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-61931
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...
Pleasanter cross-site scripting vulnerability
Pleasanter is a free OSS no-code/low-code development tool from Pleasanter, Inc. A cross-site scripting vulnerability exists in Pleasanter that stems from a stored cross-site scripting vulnerability in Body, Description, and Comments that could lead to an attacker executing arbitrary script in a...
Multiple stored cross-site scripting vulnerabilities in Pleasanter
Overview Pleasanter provided by Implem Inc. contains multiple stored cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in Preview for Attachments CWE-79 - CVE-2025-58070 Stored cross-site scripting vulnerability in Body, Description and Comments CWE-79 -...
CVE-2025-61931
CVE-2025-61931 describes a stored cross-site scripting vulnerability in Pleasanter, affecting the Body, Description and Comments fields. The vulnerability allows an attacker to execute arbitrary JavaScript in a logged-in user’s browser. Multiple connected sources (including JVNDB and Red Hat/NVD ...
CVE-2025-61931
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...
EUVD-2025-35798
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...
CVE-2025-61931
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...
PT-2025-43580
Name of the Vulnerable Software and Affected Versions Pleasanter affected versions not specified Description Pleasanter contains a stored cross-site scripting issue in the Body, Description, and Comments fields. This allows an attacker to execute an arbitrary script within the web browser of a...
REx86: A Local Large Language Model for Assisting in X86 Assembly Reverse Engineering
Reverse engineering (RE) of x86 binaries is indispensable for malware and firmware analysis, but remains slow due to stripped metadata and adversarial obfuscation. Large Language Models (LLMs) offer potential for improving RE efficiency through automated comprehension and commenting, but cloud-hosted...
CVE-2025-60506
Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site scripting (XSS) via the Public Comments feature. An attacker with a low-privileged account (e.g., Student) can inject arbitrary JavaScript payloads into a comment. When any other user (Student, Teacher, or Admin) views the annotated PD...