CVE-2025-8743 Scada-LTS Virtual Data Source Property data_source_edit.shtm cross site scripting

A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /datasourceedit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate...

CVE-2025-8743 Scada-LTS Virtual Data Source Property data_source_edit.shtm cross site scripting

A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /datasourceedit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate...

CVE-2025-8743

CVE-2025-8743 affects Scada-LTS up to 2.7.8.1. The vulnerability resides in the Virtual Data Source Property Handler, specifically the /data_source_edit.shtm endpoint, where manipulation of the Name parameter enables cross-site scripting. The issue can be exploited remotely and the exploit has be...

PT-2025-32416 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS versions prior to 2.7.8.2 Description: A cross-site scripting issue exists in Scada-LTS Virtual Data Source Property Handler. The manipulation of the Name argument in the /data source edit.shtm file can lead to exploitation. The...

The vulnerability of the ASUS DriverHub tool for installing and updating drivers is related to deficiencies in the data source verification mechanism. This allows a hacker to execute arbitrary code.

The vulnerability of the ASUS DriverHub tool for installing and updating drivers is related to deficiencies in the data source verification mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code with administrator privileges remotely...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URL validation process. An attacker can access internal or otherwise restricted resources by submitting a specially crafted URL that bypasses configured allowlists. Remediation Upgrade...

Directory Traversal

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Directory Traversal via the getfilenameforeventid function when constructing file locations from untrusted eventid input without validation. An attacker can overwrite or create files in arbitrary...

CVE-2025-54662

creationtimestamp| type| source ---|---|--- 2025-07-29 06:46:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lv3j4gsuag2o...

CVE-2025-52453

Server-Side Request Forgery SSRF vulnerability in Salesforce Tableau Server on Windows, Linux Flow Data Source modules allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...

CVE-2025-52453

Server-Side Request Forgery SSRF vulnerability in Salesforce Tableau Server on Windows, Linux Flow Data Source modules allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...

CVE-2025-52453

CVE-2025-52453 is a Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows and Linux, specifically in the Flow Data Source modules, that enables Resource Location Spoofing. Affected Tableau Server versions are before 2025.1.3, before 2024.2.12, and before 2023.3....

CVE-2025-38463

creationtimestamp| type| source ---|---|--- 2025-07-25 16:21:55+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lushfadzopr2...

Salesforce Tableau 安全漏洞

Salesforce Tableau is a data visualization and analytics platform from Salesforce, Inc. A security vulnerability exists in Salesforce Tableau versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19, which stems from insufficient validation of the Flow Data Source module and could...

DRUPAL-CONTRIB-2025-092

This module allows you to manage video media items using the COOKiES module disabling external video elements. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attributes to "src" when their value might...

CVE-2025-7656

creationtimestamp| type| source ---|---|--- 2025-07-16 12:17:24+00:00| seen| https://vulnerability.circl.lu/bundle/b205087a-783f-4a89-b594-104ef807c79c 2025-07-16 13:22:59+00:00| seen| https://t.me/truesecator/7238 2025-07-16 19:21:24+00:00| seen|...

CVE-2025-52988

creationtimestamp| type| source ---|---|--- 2025-07-11 16:20:52+00:00| seen| Telegram/G1BVFjjVwHoVhe8TZ-X1B5VzW6v5zvPrMvVXiBrcgvjc24...

CVE-2025-53006

DataEase before version 2.10.11 vulnerable due to improper handling of SSL-related JDBC connection parameters (sslfactory, sslfactoryarg, sslhostnameverifier, sslpasswordcallback, authenticationPluginClassName) which must be triggered after the connection is established. This affects PostgreSQL a...

CVE-2025-50695

creationtimestamp| type| source ---|---|--- 2025-06-24 16:47:36+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19379 2025-06-24 20:29:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsewrwzik22o...

CVE-2025-6569

creationtimestamp| type| source ---|---|--- 2025-06-24 15:47:06+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19363 2025-06-24 16:32:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsejjzceqq2r...

The vulnerability of the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX allows a perpetrator to elevate their privileges and execute arbitrary code.

The vulnerability of the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX lies in the use of an unreliable data source during the download of updates. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary cod...