181 matches found
CVE-2025-57810
CVE-2025-57810 affects the jsPDF library. The issue arises when user control of the first argument to addImage allows untrusted image data/URLs to trigger high CPU usage, leading to denial of service. This vulnerability is present in versions prior to 3.0.2 and was fixed in jsPDF 3.0.2. Impact is...
CVE-2025-55291 Shaarli allows reflected XSS via searchtags parameter
Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the tag to be prematurely closed, leading to a reflected Cross-Site Scripting XSS vulnerability. This vulnerability is fixed in 0.15.0...
CVE-2025-24331
The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privile...
PT-2025-32: Authentication bypass in NetScaler ADC
The discovered vulnerability in NetScaler ADC allows an attacker to bypass the authentication proceduce. The affected products: NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56 NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32 NetScaler ADC 13.1-FIPS and NDcPP BEFORE...
CVE-2023-30639
Archer Platform 6.8 before 6.12 P6 HF1 6.12.0.6.1 contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 6.11.0.4 is also a fixed release...
CVE-2023-45357
Archer Platform 6.x before 6.13 P2 HF2 6.13.0.2.2 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 6.14.0 is also a fixed release...
CVE-2023-45358
Archer Platform 6.x before 6.13 P2 HF2 6.13.0.2.2 contains a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users...
CVE-2019-19610
An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows session fixation. Fixed in Release 24.2020.20608.0...
CVE-2025-27820
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...
CVE-2025-31489
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...
CVE-2024-34089
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When...
CVE-2024-11623
CVE-2024-11623 : Authentik is vulnerable to a Stored XSS via uploading crafted SVG files used as application icons. The issue requires an authenticated admin user and was fixed in 2024.10.4. Affected versions are prior to 2024.10.4; upgrade to 2024.10.4 or later to remediate. Workarounds include ...
CVE-2025-22129 Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, an...
PT-2025-5183 · Unknown · Genkisan Genki Announcement
Name of the Vulnerable Software and Affected Versions: Genkisan Genki Announcement versions 1.4.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be done by tricking the...
PT-2025-5195 · Nuanced Media · Wp Meetup
Name of the Vulnerable Software and Affected Versions: WP Meetup versions 2.3.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in Nuanced Media WP Meetup, which allows exploiting incorrectly configured access control security levels. Recommendations: For WP...
PT-2025-3174 · Unknown · Greg Priday Simple Proxy
Name of the Vulnerable Software and Affected Versions: Greg Priday Simple Proxy versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables an attacker to inject...
PT-2024-12240 · Unknown · Featured Post Creative +1
Name of the Vulnerable Software and Affected Versions: Featured Post Creative versions 1.2.7 and earlier Description: The issue is related to a Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Featured Post Creative, which allows exploiting incorrectly configured access...
PT-2024-34934 · Codesnips · Codesnips
Name of the Vulnerable Software and Affected Versions: codeSnips versions n/a through 1.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can inject malicio...
Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems
Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul URWB Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 CVS score: 10.0, the vulnerability...
PT-2024-33407 · Unknown · Sunburntkamel Disconnected
Name of the Vulnerable Software and Affected Versions: sunburntkamel disconnected versions n/a through 1.3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This is a Reflected XSS vulnerability, which affec...