7028 matches found
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by stored Cross-Site Scripting
Summary A vulnerability has been addressed by IBM Engineering Lifecycle Management - Jazz Foundation, related to stored Cross-Site Scripting. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2025-1826 DESCRIPTION: IBM Engineerin...
EUVD-2025-36683
SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution...
CVE-2025-60595
SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution...
CVE-2025-60595
SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution...
SPH Engineering UgCS 安全漏洞
SPH Engineering UgCS is a UAV mission planning and flight control software from the Latvian company SPH. A security vulnerability exists in SPH Engineering UgCS version 5.13.0, which originates from a vulnerability that could lead to arbitrary code execution...
CVE-2025-60595
SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution...
Vertikal Systems Hospital Manager Backend Services
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain unauthorized access to and disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...
CVE-2025-54967
An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in...
CVE-2025-54965
An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...
CVE-2025-54969
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service...
Cisco IOS XE Software HTTP API Command Injection (cisco-sa-ios-xe-cmd-inject-rPJM8BGL)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call...
EUVD-2025-36228
An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...
EUVD-2025-36206
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service...
CVE-2025-54965
An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...
CVE-2025-54965
An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...
CVE-2025-54967
An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in...
CVE-2025-54969
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service...
CVE-2025-54967
An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in...
CVE-2025-54969
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service...
EUVD-2025-36213
An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in...