8322 matches found
GPT Academic Cross-Site Scripting Vulnerability
GPT Academic is an interface that provides practical interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a cross-site scripting vulnerability that stems from the Latex Proof-Reading Module's lack of effective filtering and escaping of user-supplied data, which ca...
kernel: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
A flaw was found in the vmwgfx module in the Linux kernel. Trying to read the /sys/kernel/debug/dri/0/mobttm file when the ttm_resource_manager is not allocated will cause a crash, resulting in a denial of service...
Eramba Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Eramba. An authenticated user can execute arbitrary commands on the server by exploiting the path parameter in the download-test-pdf endpoint. Eramba debug mode has to be enabled. Versions up to 3.19.1 are affected. This...
PT-2025-29014
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's wifi subsystem, specifically within the ath12k driver. A null access issue occurs in the assign channel context handler when ath12k mac assign vif t...
CVE-2025-0183 Stored XSS in binary-husky/gpt_academic
A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debuglog.html file generated by the module. When an admin visits this debug report, the...
GPT Academic Cross-Site Scripting Vulnerability
GPT Academic is an interface that provides practical interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a cross-site scripting vulnerability that stems from the Latex Proof-Reading Module's lack of effective filtering and escaping of user-supplied data, which ca...
Vitess allows HTML injection in /debug/querylogz & /debug/env
...
CVE-2025-26555
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thorsten Ott Debug-Bar-Extender debug-bar-extender allows Reflected XSS. This issue affects Debug-Bar-Extender: from n/a through <= 0.5...
WEM Agents are not listed in Console and failed to register
WEM Agents are not listed in Console and failed to register. The Citrix WEM Agent Host Service Debug.log and Event Logs show the exception below. ConfigurationDataSourcesHelper.CheckAgentBrokerServiceClient : System.ServiceModel.Security.SecurityNegotiationException : The caller was not authenticate...
CVE-2025-26555 WordPress Debug-Bar-Extender Plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Debug-Bar-Extender allows Reflected XSS. This issue affects Debug-Bar-Extender: from n/a through 0.5...
CVE-2025-26555
CVE-2025-26555 concerns WordPress Debug-Bar-Extender with a Reflected XSS in versions
CVE-2025-26555 WordPress Debug-Bar-Extender Plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thorsten Ott Debug-Bar-Extender debug-bar-extender allows Reflected XSS. This issue affects Debug-Bar-Extender: from n/a through <= 0.5...
CVE-2025-27496
Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption...
WordPress plugin Debug-Bar-Extender Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-2002
CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device...
Malicious code in epic-debug (npm)
Source: ghsa-malware (7d79b6f53b73a42bf490549818051758b4fafca55d32e9d85060712adfa1b5e2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2381 Malicious code in epic-debug (npm)
Source: ghsa-malware (7d79b6f53b73a42bf490549818051758b4fafca55d32e9d85060712adfa1b5e2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-27496 Snowflake JDBC Driver client-side encryption key in DEBUG logs
Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption...