Google Android elevation of privilege vulnerability (CNVD-2025-11433)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from multiple locations containing an eavesdropping hijacking/overwriting attack that can be exploited by an attacker to gain access to a...
Vulnerability of software for optimizing and deploying AI-based applications: The AMD Ryzen AI platform has a vulnerability related to incorrect default permissions, which allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of software for optimizing and deploying AI-based applications on AMD Ryzen AI is related to incorrect default permissions for the installation folder. Exploiting this vulnerability can allow attackers to escalate their privileges and execute arbitrary code...
GHSA-4VJP-327P-W4QV Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution
Jenkins Templating Engine Plugin allows defining libraries both in the global configuration, as well as scoped to folders containing the pipelines using them. While libraries in the global configuration can only be set up by administrators and can therefore be trusted, libraries defined in folder...
CVE-2025-31722
In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
PT-2025-12776 · Asustor · Adm
Name of the Vulnerable Software and Affected Versions: ADM versions 4.1.0 through 4.3.3.RH61; ADM version 5.0.0.RIN1 and earlier. Description: A stored Cross-Site Scripting (XSS) issue exists in the Access Control of ADM. The vulnerability allows an attacker to inject malicious scripts into the folde...
CVE-2024-7058
A vulnerability in the sanitizepath function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization by using relative paths such as './'. This can lead to unauthorized access to directories within the personalityfolder on the victim's computer...
Relative Path Traversal
Overview: lollms is a Python library for AI personality definition. Affected versions of this package are vulnerable to Relative Path Traversal in the sanitizepath function, which does not account for ./ sequences in pathnames. An attacker can bypass the sanitization to access the contents of...
SUSE CVE-2025-27088
oxyno-zeta/s3-proxy is an AWS S3 proxy written in Go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted...
CVE-2025-0660
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...
Cross-site Scripting (XSS)
Concrete CMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability stems from improper input sanitization in the "Add Folder" functionality, which allows a rogue admin to inject XSS payloads as folder names...
Cross-site Scripting (XSS)
Overview: concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient input sanitization in the "Add Folder" functionality. An attacker with admin privileges can exploit this by injecting malicious scripts int...
Concrete CMS affected by a stored XSS in Folder Function. The "Add Folder" functionality
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...
GHSA-PVMX-MJMH-JFCX Concrete CMS affected by a stored XSS in Folder Function. The "Add Folder" functionality
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...
CVE-2025-0660 Stored XSS in Folder Function by Rogue Admin
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...
CVE-2025-0660
Concrete CMS is affected by a stored XSS in the Folder Function (Add Folder) for versions 9.0.0–9.3.9 due to insufficient input sanitization. An admin can inject XSS payloads into folder names, potentially executing in users’ browsers. The issue is associated with CVSS v4.0/4.0 vector (base 4.8, ...
Concrete CMS input validation error vulnerability
Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. An input validation error vulnerability exists in Concrete CMS versions 9.0.0 through 9.3.9, which stems from a lack of input cleanup in the Add Folder feature and could lead to a malicious...