64 matches found
CVE-2025-41011 HTML injection in PHP Point Of Sale
HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', using 'start_date_formatted' and 'end_date_formatted'...
CVE-2025-41011
CVE-2025-41011 — HTML injection in PHP Point of Sale v19.4 due to insufficient input validation in the /reports/generate/specific_customer endpoint (parameters: start_date_formatted, end_date_formatted). This allows rendering HTML in the victim’s browser. CVSS 4.0: Attack vector NETWORK; attack c...
PT-2026-33990
Name of the Vulnerable Software and Affected Versions PHP Point of Sale version 19.4 Description An issue exists where a lack of proper validation of user input allows an attacker to render HTML in the victim's browser. This occurs when sending a request to the endpoint '/reports/generate/specifi...
October 14, 2025—KB5066586 (OS Build 17763.7919)
October 14, 2025—KB5066586 OS Build 17763.7919 Windows Secure Boot certificate expiration Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not update...
EUVD-2016-10794
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...
CVE-2016-15051
Nagios XI
PT-2025-44539
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...
Nagios XI security vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from insufficient validation ...
EUVD-2025-24123
Malicious code in bioql PyPI...
CVE-2025-0419
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. Zirve Nova allows Cross-Site Scripting (XSS). This issue affects Zirve Nova: from 235 through 20250131...
KB5065767: Servicing stack update for Windows Server 2012 R2: September 9, 2025
KB5065767: Servicing stack update for Windows Server 2012 R2: September 9, 2025 Windows Secure Boot certificate expiration Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devic...
June 10, 2025—KB5061059 (Monthly Rollup)
June 10, 2025—KB5061059 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only are...
May 13, 2025—KB5058430 (Monthly Rollup)
May 13, 2025—KB5058430 Monthly Rollup End of support information Support for Windows Server 2008 R2 has ended Windows Server 2008 R2 Premium Assurance ended on January 13, 2026. Windows Server 2008 R2 Extended Security Updates ESU ended on January 10, 2023. Additionally, Extended Security Updates ...
June 10, 2025—KB5060533 (OS Builds 19044.5965 and 19045.5965)
June 10, 2025—KB5060533 OS Builds 19044.5965 and 19045.5965 Notice for Surface Hub v1 users DO NOT install this update. Instead, install update KB5063159. For more information, see the Known issues in this update section. --- Important Windows updates do not install Microsoft Store...
May 13, 2025—KB5058454 (Security-only update)
May 13, 2025—KB5058454 Security-only update End of support information Support for Windows Server 2008 R2 has ended Windows Server 2008 R2 Premium Assurance ended on January 13, 2026. Windows Server 2008 R2 Extended Security Updates ESU ended on January 10, 2023. Additionally, Extended Security...
June 10, 2025—KB5061078 (Monthly Rollup)
June 10, 2025—KB5061078 Monthly Rollup End of support information Support for Windows Server 2008 R2 has ended Windows Server 2008 R2 Premium Assurance ended on January 13, 2026. Windows Server 2008 R2 Extended Security Updates ESU ended on January 10, 2023. Additionally, Extended Security Updates...
June 10, 2025—KB5061072 (Security-only update)
June 10, 2025—KB5061072 Security-only update End of support information Support for Windows Server 2008 has ended Windows Server 2008 Premium Assurance ended on January 13, 2026. Windows Server 2008 Extended Security Updates ESU ended on January 10, 2023. Additionally, Extended Security Updates on...
CVE-2023-4471
The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the startdate and enddate parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
April 8, 2025—KB5055570 (Security-only update)
April 8, 2025—KB5055570 Security-only update End of support information Support for Windows Server 2008 R2 has ended Windows Server 2008 R2 Premium Assurance ended on January 13, 2026. Windows Server 2008 R2 Extended Security Updates ESU ended on January 10, 2023. Additionally, Extended Security...
April 8, 2025—KB5055557 (Monthly Rollup)
April 8, 2025—KB5055557 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only...