8 matches found

Vulnrichment
added 2025/07/29 5:39 p.m. | 2 views

CVE-2025-27514 GLPI is susceptible to Stored XSS attack through project's kanban

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project's kanban. This is fixed in version 10.0.1...

4.5 CVSS | 5.6 AI score | 0.00145 EPSS
Exploits: 0 | References: 2
CVE
added 2025/05/22 5:28 p.m. | 55 views

CVE-2025-48366

GroupOffice (Intermesh BV) contains a stored blind XSS in the user profile Phone Number field, exploitable prior to versions 6.8.119 and 25.0.20. The payload can persist and execute when other users view the Address Book, enabling actions like forced redirects and unauthorized fetches. Versions 6...

7.9 CVSS | 5.8 AI score | 0.00229 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2022/10/18 12:0 a.m. | 2 views

PT-2022-14978 · Oracle · Oracle Database Server +1

Name of the Vulnerable Software and Affected Versions: Oracle Database Server version 19c. Description: The issue affects the Oracle Database - Advanced Queuing component, allowing a high-privileged attacker with DBA user privilege and network access via Oracle Net to compromise it. Successful...

7.2 CVSS | 7.9 AI score | 0.01326 EPSS
Exploits: 0 | References: 4
OSV
added 2016/02/09 10:3 a.m. | 4 views

SUSE-SU-2016:0389-1 Security update for postgresql91

This update of postgresql91 to 9.1.19 fixes the following issues: CVE-2015-5288: crypt pgCrypto extension could potentially be exploited to read a few additional bytes of memory bsc949669 Also contains all changes and bugfixes in the upstream 9.1.19 release:...

6.4 CVSS | 8.4 AI score | 0.08949 EPSS
Exploits: 0 | References: 3
securityvulns
added 2010/07/18 12:0 a.m. | 38 views

RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability

Name: RedShop. Vendor: http://redweb.dk. Versions Affected: 1.0.23.1. Author: Salvatore Fresta aka Drosophila. Website: http://www.salvatorefresta.net. Contact: salvatorefresta at gmail dot com. Date: 2010-07-13. X. INDEX I. ABOUT THE...

0.3 AI score
Exploits: 0
seebug.org
added 2006/12/08 12:0 a.m. | 103 views

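Hastymail IMAP SMTP Command Injection Vulnerability

Hastymail IMAP is an IMAP protocol client written in PHP. Hastymail IMAP does not sufficiently filter user-supplied URI input, and a remote attacker can exploit the vulnerability to execute other SMTP commands. Because commands and messages are not validated, a malicious user can inject arbitrary IMAP/SMTP commands into the mail server, which can lead to bypassing restrictions to gain access. Hastymail Hastymail 1.5 Hastymail Hastymail 1.2 Hastymail Hastymail 1.1 Hastymail Hastymail 1.0.2 Hastymail Hastymail 1.0.1 Upgrade: Hastymail Hastymail...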

7.1 AI score
Exploits: 0
Debian
added 2000/07/28 2:17 p.m. | 1 views

[SECURITY] New version of dhcp released (updated)

Package: dhcp-client-beta dhcp-client Vulnerability type: remote root exploit Debian-specific: no The versions of the ISC DHCP client in Debian 2.1 slink and Debian 2.2 potato are vulnerable to a root exploit. The OpenBSD team reports that the client inappropriately executes commands embedded in...

5.8 AI score
Exploits: 0
FreeBSD Advisory
added 2000/01/24 12:0 a.m. | 3 views

FreeBSD-SA-00:02.procfs

FreeBSD-SA-00:01 Security Advisory FreeBSD, Inc. Topic: Old procfs hole incompletely filled Category: core Module: make Announced: 2000-01-24 Affects: All versions before the correctio...

5.8 AI score
Exploits: 0