Everyone Needs AIR: An Agnostic Incident Reporting Framework for Cybersecurity in Operational Technology
Operational technology (OT) networks are increasingly coupled with information technology (IT), expanding the attack surface and complicating incident response. Although OT standards emphasise incident reporting and evidence preservation, they do not specify what data to capture during an incident,...
MediaWiki - Springboard Extension Security Vulnerability
MediaWiki - Springboard Extension is an open source navigation extension for MediaWiki. A security vulnerability exists in the master version of MediaWiki - Springboard Extension, which stems from improper neutralization of special elements in commands and could lead to a command injection attack...
CVE-2025-47902
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection. This issue affects Time Provider 4100: before 2.5...
Malicious Package
Overview: stack-ui-elements is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements (for WPBakery) versions <= 5.10.5.1...
Juniper Networks Junos OS Evolved Operating System Command Injection Vulnerability
Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. Juniper Networks Junos OS Evolved suffers from an operating system command injection vulnerability that stems from improper handling of special elements, which could be exploited by an attacker to cause an OS...
EUVD-2025-34190
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...
CVE-2025-0636
EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution...
CVE-2025-11731
A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads...
JLSEC-2025-39 Possible XSS in HTMLSanitizer when using svg elements
Description: When adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This behavior is similar to the sanitization bypass described in CVE-2020-40...
PT-2025-41894
Name of the Vulnerable Software and Affected Versions: Winsure versions through August 21, 2025. Description: A flaw exists in Winsure that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This could allow an attacker to execute arbitrary SQL co...
SUSE CVE-2025-52885
Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free write vulnerability has been detected in Poppler versions prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a std::vector, which...
WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by ? in WordPress Plugin TheGem Theme Elements (for WPBakery) versions <= 5.10.5.1...
CVE-2025-52885
Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free write vulnerability has been detected in Poppler versions prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a std::vector, which...
CVE-2025-0636 Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller
EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution...
Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2025-2208)
The remote host is missing an update for the Huawei EulerOS...
WordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by an unknown individual in WordPress Plugin TheGem Theme Elements (for Elementor) versions <= 5.10.5.1...
WordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by an unknown individual in WordPress Plugin TheGem Theme Elements (for Elementor) versions <= 5.10.5.1...
CVE-2025-41088
Stored Cross-Site Scripting (XSS) in Xibo Signage's Xibo CMS v4.1.2, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add a text element in the 'Global Elements' section, and finally modify the 'Text...