386 matches found
CVE-2025-41117
Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...
CVE-2025-41117 XSS in Grafana Explore stack trace
Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...
CVE-2025-41117 XSS in Grafana Explore stack trace
Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...
CVE-2025-41117
Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...
TRACE: Timely Retrieval and Alignment for Cybersecurity Knowledge Graph Construction and Expansion
The rapid evolution of cyber threats has highlighted significant gaps in security knowledge integration. Cybersecurity Knowledge Graphs CKGs relying on structured data inherently exhibit hysteresis, as the timely incorporation of rapidly evolving unstructured data remains limited, potentially...
Remote Code Execution (RCE)
UmbracoForms is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user-supplied WSDL URLs used as data sources, which allows an authenticated attacker to supply a malicious web service definition and execute arbitrary code on the server...
CVE-2023-29046
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...
CVE-2025-13773
creationtimestamp| type| source ---|---|--- 2025-12-24 05:37:02+00:00| seen| https://infosec.exchange/users/offseq/statuses/115772923621574352 2025-12-24 05:37:03+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mapkafmwk626 2025-12-24 05:45:28+00:00| seen|...
Assessing SIEM effectiveness
A SIEM is a complex system offering broad and flexible threat detection capabilities. Due to its complexity, its effectiveness heavily depends on how it is configured and what data sources are connected to it. A one-time SIEM setup during implementation is not enough: both the organization's...
CVE-2025-64460
creationtimestamp| type| source ---|---|--- 2025-12-02 14:49:11+00:00| seen| https://seclists.org/oss-sec/2025/q4/226 2025-12-02 16:31:29+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m6zekey5zw22 2025-12-02 19:01:50+00:00| seen|...
CVE-2025-13540
creationtimestamp| type| source ---|---|--- 2025-11-27 06:36:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m6lqxlntkn2q 2025-11-27 07:33:58+00:00| seen| https://infosec.exchange/users/offseq/statuses/115620501057288487 2025-11-27 07:34:07+00:00| seen|...
ReVul-CoT: Towards Effective Software Vulnerability Assessment with Retrieval-Augmented Generation and Chain-Of-Thought Prompting
Context: Software Vulnerability Assessment SVA plays a vital role in evaluating and ranking vulnerabilities in software systems to ensure their security and reliability. Objective: Although Large Language Models LLMs have recently shown remarkable potential in SVA, they still face two major...
CVE-2025-64403
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...
CVE-2025-64403 Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...
CVE-2025-64403 Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...
CVE-2025-64403
CVE-2025-64403 affects Apache OpenOffice up to version 4.1.15 (Calc external data sources and other external links). Root cause is missing authorization checks that allow an attacker to craft a document to load links without prompting the user. A fix is available in OpenOffice 4.1.16. Other relat...
Apache OpenOffice 安全漏洞
Apache OpenOffice is an open source office software suite from the Apache USA Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and more. A security vulnerability exists in Apache OpenOffice versions 4.1.15 and earlier, which stems from a lack of...
CVE-2025-12405 Unauthorized access through stored credentials in Looker Studio
An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attache...
PT-2025-45609
Name of the Vulnerable Software and Affected Versions Looker Studio affected versions not specified Description An improper privilege management issue was identified in Looker Studio, affecting all JDBC-based connectors. A Looker Studio user with report view access could create a copy of a report...
CVE-2025-31133
creationtimestamp| type| source ---|---|--- 2025-11-05 08:57:06+00:00| seen| https://seclists.org/oss-sec/2025/q4/138 2025-11-05 10:35:36+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m4uu364gd32h 2025-11-05 14:59:52+00:00| seen|...