
3027 matches found

Vulnrichment
added 2025/10/27 12:0 a.m. | 7 views

CVE-2025-61101

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...

AI score 6.7 | EPSS 0.00457
Exploits: 1 | References: 4
CNNVD
added 2025/10/27 12:0 a.m. | 4 views

Bdtask Wholesale Inventory Control SQL injection vulnerability

Bdtask Wholesale Inventory Control is an inventory management system from Bdtask Bangladesh. A SQL injection vulnerability exists in Bdtask Wholesale Inventory Control 20251013 and earlier versions, which stems from incorrect manipulation of the parameter firstname/lastname in the file...

CVSS 7.2 | AI score 5.6 | EPSS 0.0043
Exploits: 1 | References: 4
Positive Technologies
added 2025/10/27 12:0 a.m. | 2 views

PT-2025-44035

Name of the Vulnerable Software and Affected Versions: FRRouting/frr versions 4.0 through 10.4.1. Description: A flaw exists in FRRouting/frr that allows for a Denial of Service (DoS). This is due to a NULL pointer dereference within the show_vty_ext_link_adj_sid function located in ospf_ext.c. An...

CVSS 7.5 | AI score 6.4 | EPSS 0.00582
Exploits: 9 | References: 52
Cvelist
added 2025/10/27 12:0 a.m. | 6 views

CVE-2025-61105

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...

EPSS 0.00457
Exploits: 1 | References: 4
Positive Technologies
added 2025/10/27 12:0 a.m. | 5 views

PT-2025-43962

Name of the Vulnerable Software and Affected Versions: Bdtask Wholesale Inventory Control and Inventory Management System versions prior to 20251014. Description: A security issue exists in Bdtask Wholesale Inventory Control and Inventory Management System. Manipulation of the first name and last na...

CVSS 7.2 | AI score 5 | EPSS 0.0043
Exploits: 1 | References: 7
Vulnrichment
added 2025/10/19 9:32 p.m. | 4 views

CVE-2025-11946 LogicalDOC Community Edition Add Contact frontend.jsp cross site scripting

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site...

CVSS 5.1 | AI score 3.7 | EPSS 0.00329
Exploits: 1 | References: 5
Packet Storm News
added 2025/10/18 12:0 a.m. | 3 views

Colliding with Adversaries at ECML-PKDD 2025 Adversarial Attack Competition 1st Prize Solution

This report presents the winning solution for Task 1 of Colliding with Adversaries: A Challenge on Robust Learning in High Energy Physics Discovery at ECML-PKDD 2025. The task required designing an adversarial attack against a provided classification model that maximizes misclassification while...

AI score 6.8
Exploits: 0
Malwarebytes
added 2025/10/16 10:49 a.m. | 5 views

Mango discloses data breach at third-party provider

Mango has reported a data breach at one of its external marketing service providers. The Spanish fashion retailer says that only personal contact information has been exposed—no financial data. The breach took place at the service provider and did not affect Mango’s own systems. According to the...

AI score 7.2
Exploits: 0
RedhatCVE
added 2025/10/10 9:27 p.m. | 3 views

CVE-2025-62240

Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

CVSS 4.8 | AI score 5.9 | EPSS 0.00202
Exploits: 0 | References: 1
OSV
added 2025/10/09 9:31 p.m. | 2 views

GHSA-5264-M964-7PG9 Liferay Portal is vulnerable to XSS through its Calendar Events parameters

Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

CVSS 4.8 | AI score 5.9 | EPSS 0.00202
Exploits: 0 | References: 4
Snyk
added 2025/10/09 9:31 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the First Name, Middle Name, or Last Name fields in calendar events. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted payloads into these fields, which may be...

CVSS 5.4 | AI score 5.5 | EPSS 0.00202
Exploits: 0 | References: 2
CVE
added 2025/10/09 9:8 p.m. | 10 views

CVE-2025-62240

CVE-2025-62240 is a cross-site scripting (XSS) vulnerability affecting Liferay Portal 7.4.3.35–7.4.3.111 and Liferay DXP 2023.Q4.0–2023.Q4.5, 2023.Q3.1–2023.Q3.7, plus 7.4/7.3 updates in those lines. The issue occurs in calendar events where crafted input in user name fields (First Name, Middle N...

CVSS 5.4 | AI score 5.4 | EPSS 0.00202
Exploits: 0 | References: 1 | Affected Software: 2
Vulnrichment
added 2025/10/09 9:8 p.m. | 2 views

CVE-2025-62240

Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

CVSS 4.8 | AI score 5.4 | EPSS 0.00202
Exploits: 0 | References: 1
Microsoft Secure
added 2025/10/09 4:0 p.m. | 4 views

Securing agentic AI: Your guide to the Microsoft Ignite sessions catalog

Security is a core focus at Microsoft Ignite 2025, reflected in dedicated sessions and hands-on experiences designed for security professionals and leaders. Whether you’re shaping strategy or working on the front lines, Microsoft Ignite offers direct access to the latest advancements and practica...

AI score 6.8
Exploits: 0
RedhatCVE
added 2025/10/09 12:14 a.m. | 7 views

CVE-2025-60318

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the fname (First Name) and lname (Last Name) fields...

CVSS 6.1 | AI score 6.3 | EPSS 0.0022
Exploits: 1 | References: 1
NVD
added 2025/10/08 4:15 p.m. | 6 views

CVE-2025-60318

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the fname (First Name) and lname (Last Name) fields...

CVSS 6.1 | EPSS 0.0022
Exploits: 1 | References: 2
OSV
added 2025/10/08 4:15 p.m. | 5 views

CVE-2025-60318

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the fname (First Name) and lname (Last Name) fields...

CVSS 6.1 | AI score 5.8 | EPSS 0.0022
Exploits: 1 | References: 2
Snyk
added 2025/10/08 3:32 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Notifications widget when processing user-supplied input in text fields such as First Name, Middle Name, Last Name, Other Reason, or the name of flagged content. An attacker can execute arbitrary web...

CVSS 5.4 | AI score 5.5 | EPSS 0.00193
Exploits: 0 | References: 2
NVD
added 2025/10/08 3:16 p.m. | 3 views

CVE-2025-43771

Multiple cross-site scripting (XSS) vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

CVSS 5.4 | EPSS 0.00193
Exploits: 0 | References: 1
OSV
added 2025/10/08 3:16 p.m. | 3 views

CVE-2025-43771

Multiple cross-site scripting (XSS) vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

CVSS 5.4 | AI score 5.6 | EPSS 0.00193
Exploits: 0 | References: 1