Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in select-organization.ftl - shown on the organization selection login page - since the organization.alias value is inserted into an inline JavaScript onclick handler. A user with manage-realm or...

CVE-2026-4415

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation...

Improper Validation of Unsafe Equivalence in Input

Overview alt-design/alt-redirect is an Alt Redirect addon, add Redirects to your site Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via handling of query string parameters when the "Query String Strip" feature is enabled. An attacker can...

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

CVE-2025-37129

CVE-2025-37129 describes a vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways . An authenticated attacker could exploit the built-in script execution capability to execute arbitrary commands on the underlying operating system if the feature is enabled ...

CVE-2021-26071

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery CS...