3027 matches found

Vulnrichment
added 2025/09/30 12:0 a.m. | 3 views

CVE-2025-28016

A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters...

AI score: 6 | EPSS: 0.0024
Exploits: 1 | References: 1

CVE
added 2025/09/30 12:0 a.m. | 18 views

CVE-2025-28016

The CVE-2025-28016 entry concerns the PHPGurukul User Registration & Login and User Management System v3.3. A Reflected Cross-Site Scripting (XSS) vulnerability exists in loginsystem/edit-profile.php, allowing remote attackers to execute arbitrary JavaScript via the fname, lname, and contact para...

CVSS: 4.8 | AI score: 6 | EPSS: 0.0024
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/09/29 9:59 p.m. | 7 views

CVE-2025-43811

Multiple stored cross-site scripting (XSS) vulnerabilities in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allow remote authenticated attackers to inject arbitrar...

CVSS: 4.8 | EPSS: 0.00205
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/29 9:48 p.m. | 2 views

CVE-2025-43820

Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to an event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

CVSS: 4.8 | AI score: 5.5 | EPSS: 0.00197
Exploits: 0 | References: 1

CVE
added 2025/09/29 9:48 p.m. | 15 views

CVE-2025-43820

A validated XSS vulnerability in the Liferay Calendar widget allows remote attackers to inject arbitrary scripts via crafted input in the user’s First Name, Middle text, or Last Name fields. Affected are Liferay Portal 7.4.3.35–7.4.3.110 and Liferay DXP 2023.Q4.0–2023.Q4.4, plus 7.3 Update 25–35 ...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00197
Exploits: 0 | References: 1 | Affected Software: 2

RedhatCVE
added 2025/09/29 5:55 p.m. | 3 views

CVE-2025-11112

A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVSS: 6.1 | AI score: 5.4 | EPSS: 0.00364
Exploits: 1 | References: 1

UbuntuCve
added 2025/09/29 10:15 a.m. | 3 views

CVE-2025-11146

Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00164
Exploits: 0 | References: 2

CNVD
added 2025/09/29 12:0 a.m. | 4 views

Employee Record Management System myprofile.php File Cross-Site Scripting Vulnerability

Employee Record Management System is an employee record management system. The Employee Record Management System suffers from a cross-site scripting vulnerability that arises from insufficient filtering of the First name parameter in the /myprofile.php file. An attacker can exploit this...

CVSS: 6.1 | AI score: 4.6 | EPSS: 0.00364
Exploits: 1 | References: 1

NVD
added 2025/09/28 5:15 p.m. | 9 views

CVE-2025-11112

A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVSS: 6.1 | EPSS: 0.00364
Exploits: 1 | References: 5

Cvelist
added 2025/09/28 5:2 p.m. | 10 views

CVE-2025-11112 PHPGurukul Employee Record Management System myprofile.php cross site scripting

A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVSS: 5.3 | EPSS: 0.00364
Exploits: 1 | References: 5

CVE
added 2025/09/28 5:2 p.m. | 15 views

CVE-2025-11112

PHPGurukul Employee Record Management System 1.3 has a cross-site scripting vulnerability in the /myprofile.php file, caused by manipulating the First name parameter. The attack is described as remote and the exploit has been publicly disclosed. CVSS v3.1 base score 6.1 (MEDIUM) per NVD; related ...

CVSS: 6.1 | AI score: 5.3 | EPSS: 0.00364
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/09/28 12:0 a.m. | 4 views

PHPGurukul Employee Record Management System Code Injection Vulnerability

Employee Record Management System is an employee record management system. The Employee Record Management System suffers from a cross-site scripting vulnerability that arises from insufficient filtering of the First name parameter in the /myprofile.php file. An attacker can exploit this...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00364
Exploits: 1 | References: 6

Positive Technologies
added 2025/09/28 12:0 a.m. | 9 views

PT-2025-39783

Name of the Vulnerable Software and Affected Versions: PHPGurukul Employee Record Management System version 1.3. Description: A security issue exists in PHPGurukul Employee Record Management System version 1.3. Manipulation of the First name argument in the /myprofile.php file can lead to cross site...

CVSS: 6.1 | AI score: 3.6 | EPSS: 0.00364
Exploits: 1 | References: 9

Circl
added 2025/09/27 9:13 a.m. | 13 views

CVE-2025-11052

creationtimestamp | type | source
---|---|---
2025-09-27 09:13:06+00:00 | seen | https://gist.github.com/Darkcrai86/859c36d851f1662f5c637f5785ca5c09...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00387
Exploits: 1 | References: 1

OSV
added 2025/09/26 1:8 p.m. | 3 views

OESA-2025-2328 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: In netsta...

CVSS: 2.5 | AI score: 6.5 | EPSS: 0.00238
Exploits: 0 | References: 2

Malwarebytes
added 2025/09/24 12:34 p.m. | 4 views

Police using drones to read your license plates, warns EFF

Police are using drones as flying automated license plate readers (ALPRs), according to a report by the Electronic Frontier Foundation (EFF). And where there is a market, a provider will jump in. Or was it the other way around this time? Flock Safety, for example, recently told a group of potential l...

AI score: 6.3
Exploits: 0

The Hacker News
added 2025/09/22 11:0 a.m. | 4 views

How to Gain Control of AI Agents and Non-Human Identities

We hear this a lot: "We've got hundreds of service accounts and AI agents running in the background. We didn't create most of them. We don't know who owns them. How are we supposed to secure them?" Every enterprise today runs on more than users. Behind the scenes, thousands of non-human identitie...

AI score: 7.1
Exploits: 0

Positive Technologies
added 2025/09/22 12:0 a.m. | 4 views

PT-2025-39084

Name of the Vulnerable Software and Affected Versions: Campcodes Online Learning Management System version 1.0. Description: A weakness exists in Campcodes Online Learning Management System. Manipulation of the firstname argument in the /admin/admin user.php file can lead to SQL injection. The attac...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00384
Exploits: 1 | References: 10

CNNVD
added 2025/09/22 12:0 a.m. | 3 views

ARD GEC en Ligne Security Vulnerability

ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in ARD GEC en Ligne that stems from an Ajax transaction manager endpoint that does not properly clean or encode the accountName field, which could lead to a cross-site scripting attack...

CVSS: 7.3 | AI score: 6 | EPSS: 0.00513
Exploits: 1 | References: 5

SUSE CVE
added 2025/09/19 11:23 p.m. | 6 views

SUSE CVE-2025-39853

In the Linux kernel, the following vulnerability has been resolved: "i40e: Fix potential invalid access when MAC list is empty". list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenced. Fi...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00152
Exploits: 0 | References: 22