3027 matches found
PT-2025-52429
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
CVE-2025-62000
BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attacker could encrypt files, preserving the first four bytes and preventing this particular method fro...
CVE-2025-62000 BullWall Ransomware Containment incomplete file inspection
BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attacker could encrypt files, preserving the first four bytes and preventing this particular method fro...
CVE-2025-62000
BullWall Ransomware Containment has an incomplete file-inspection mechanism that relies on header-byte evaluation. An authenticated attacker could encrypt a file while leaving the first four bytes unchanged, bypassing this specific detection method. The issue is limited: BullWall also employs add...
PT-2025-52338
Name of the Vulnerable Software and Affected Versions: BullWall Ransomware Containment versions 4.6.0.0 through 4.6.1.4. Description: BullWall Ransomware Containment does not fully inspect files to identify ransomware. An attacker with valid credentials can bypass detection by encrypting a file whil...
CVE-2023-53913 Rukovoditel 3.3.1 CSV Injection via User Account Export
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
CVE-2025-8872
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSPFv3 process to have high CPU utilization which may result in the OSPFv3 process being restarted. This may cause disruption in the OSPFv3 routes on the switch. This issue was discovered...
EUVD-2025-203841
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSPFv3 process to have high CPU utilization which may result in the OSPFv3 process being restarted. This may cause disruption in the OSPFv3 routes on the switch. This issue was discovered...
CVE-2025-8872 A specially crafted packet can cause the OSPFv3 process to have high CPU utilization which may result in the OSPFv3 process being restarted
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSPFv3 process to have high CPU utilization which may result in the OSPFv3 process being restarted. This may cause disruption in the OSPFv3 routes on the switch. This issue was discovered...
Linux Distros Unpatched Vulnerability : CVE-2025-68266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - bfs: Reconstruct file type when loading from disk. syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 32bits mode fie...
Exploit for Cross-site Scripting in Oretnom23 Banking_System
Description 1. CVE-2025-14221 2. Discoverer: Fatma Trabelsi 3...
CVE-2024-58289
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...
EUVD-2024-55342
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...
PT-2025-51038
Name of the Vulnerable Software and Affected Versions: Apple products (affected versions not specified). Description: A permissions issue was identified and addressed through the implementation of additional restrictions. Recommendations: At the moment, there is no information about a newer version tha...
CVE-2024-58289 Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...
PT-2025-50743
Name of the Vulnerable Software and Affected Versions: Microweber version 2.0.15. Description: The software contains a stored cross-site scripting issue that allows authenticated attackers to inject malicious scripts into user profile fields. Specifically, attackers can input script payloads into th...
Arbitrary Code Injection
Overview: neuron-core/neuron-ai is the PHP Agentic Framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the MySQLSelectTool, where validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs. A...