
4510 matches found

BDU FSTEC
added 2025/05/02 12:00 a.m. · 2 views

The vulnerability of the IBM i operating system, related to deficiencies in HTTP request processing, allows a perpetrator to trigger a service failure.

The vulnerability of the IBM i operating system is related to deficiencies in handling HTTP requests. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

5.5 CVSS · 5.4 AI score · 0.00248 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2025/04/30 12:00 a.m. · 1 view

Bosch Rexroth ctrlX OS security vulnerability

Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, Germany, designed as an open control platform for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS that originates from a specially crafted HTTP request in the network...

7.1 CVSS · 6.5 AI score · 0.00477 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/30 12:00 a.m. · 4 views

Bosch Rexroth ctrlX OS security vulnerability

Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, Germany, designed as an open control platform for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS that originates from a specially crafted HTTP request in the web...

5.4 CVSS · 6.7 AI score · 0.00426 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/29 12:00 a.m. · 2 views

MDaemon Email Server security vulnerability

MDaemon Email Server is an email server from MDaemon, Inc. A security vulnerability exists in MDaemon Email Server 25.0.1 and earlier versions, which originates from JavaScript code in specially crafted HTML emails and could lead to a cross-site scripting attack...

6.1 CVSS · 5.9 AI score · 0.00474 EPSS
Exploits 0 · References 1

OSV
added 2025/04/28 12:57 a.m. · 2 views

USN-7464-1 jupyter-notebook vulnerability

It was discovered that Jupyter Notebook did not properly parse HTML comments under certain circumstances. An attacker could possibly use this issue to cause a regular expression denial of service (ReDoS)...

7.5 CVSS · 5.8 AI score · 0.01108 EPSS
Exploits 0 · References 2

OSV
added 2025/04/24 5:15 p.m. · 1 view

CVE-2024-30113

Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget...

5.4 CVSS · 5.8 AI score · 0.00243 EPSS
Exploits 0 · References 1

OSV
added 2025/04/24 1:15 p.m. · 1 view

UBUNTU-CVE-2025-46421

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect...

6.8 CVSS · 6.9 AI score · 0.00459 EPSS
Exploits 0 · References 6

CNNVD
added 2025/04/24 12:00 a.m. · 2 views

WordPress plugin License For Envato security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS · 7.8 AI score · 0.00611 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2025/04/23 12:00 a.m. · 3 views

The vulnerability of server software like HAProxy, related to deficiencies in HTTP request processing, allows attackers to circumvent security restrictions and send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of server-side software like HAProxy is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and send hidden HTTP requests (a type of HTTP Request Smuggling attack)...

5.3 CVSS · 5.8 AI score · 0.01023 EPSS
Exploits 0 · References 9 · Affected Software 2

CNNVD
added 2025/04/21 12:00 a.m. · 3 views

WebServer injection vulnerability

WebServer is a C++ Linux WebServer server by MARK Individual Developers. An injection vulnerability exists in WebServer version 1.0, which originates from SQL injection due to manipulation of username/password parameters by the Login component in the file code/http/httprequest.cpp...

9.8 CVSS · 7.7 AI score · 0.00403 EPSS
Exploits 0 · References 4

CNNVD
added 2025/04/18 12:00 a.m. · 1 view

Tenable Network Security Nessus security vulnerability

Tenable Network Security Nessus is a network vulnerability scanning tool developed by Tenable Network Security to detect security vulnerabilities and configuration errors in operating systems, network devices, and applications. Tenable Network Security Nessus contains a security vulnerability tha...

4.3 CVSS · 7.5 AI score · 0.00231 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2025/04/17 12:00 a.m. · 5 views

The vulnerability of the Downloads component in Google Chrome and Microsoft Edge browsers allows a hacker to replace the user’s interface.

The vulnerability of the Downloads component in Google Chrome and Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow an attacker to replace the user interface with a specially created HTML page...

6.4 CVSS · 6.6 AI score · 0.00244 EPSS
Exploits 0 · References 15 · Affected Software 7

Positive Technologies
added 2025/04/16 12:00 a.m. · 9 views

PT-2025-16621 · WordPress · Wpfactory Custom Css

Name of the Vulnerable Software and Affected Versions: WPFactory Custom CSS, JS & PHP versions n/a through 2.4.1. Description: A Cross-Site Request Forgery (CSRF) issue allows Remote Code Inclusion. This is a critical issue that can be exploited remotely. Recommendations: For versions n/a through...

9.6 CVSS · 9.7 AI score · 0.00288 EPSS
Exploits 1 · References 4

CNNVD
added 2025/04/15 12:00 a.m. · 2 views

Oracle E-Business Suite security vulnerability

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle USA. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Scripting versions 12.2.3 throu...

9.8 CVSS · 7.1 AI score · 0.00471 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/15 12:00 a.m. · 1 view

Oracle Smart View for Office security vulnerability

Oracle Smart View for Office is a full-featured tool from Oracle Corporation for accessing and integrating enterprise performance management, business intelligence, and general ledger content in Microsoft Office products. A security vulnerability exists in Oracle Smart View for Office...

5.7 CVSS · 7 AI score · 0.00248 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2025/04/14 7:15 p.m. · 6 views

CVE-2025-1782

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

9.9 CVSS · 6 AI score · 0.00456 EPSS
Exploits 0 · References 2 · Affected Software 2

OSV
added 2025/04/11 1:42 p.m. · 3 views

CVE-2025-32426 Formie has a XSS vulnerability for email notification content for preview

Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would requir...

4.6 CVSS · 6.8 AI score · 0.00182 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/04/11 12:00 a.m. · 4 views

PT-2025-16085

Name of the Vulnerable Software and Affected Versions: EventON versions prior to 2.3.2 EventON version 2.3.2 Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...

8.8 CVSS · 7.3 AI score · 0.01728 EPSS
Exploits 0 · References 8

BDU FSTEC
added 2025/04/09 12:00 a.m. · 51 views

The vulnerability of Websoft HCM’s automation software for HR processes stems from insufficient validation of input data, allowing attackers to execute the displayed HTML code.

The vulnerability of Websoft HCM’s automation software for HR processes is related to insufficient verification of entered data. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code by sending a specially crafted POST request...

7.5 CVSS · 5.9 AI score
Exploits 0

BDU FSTEC
added 2025/04/09 12:00 a.m. · 15 views

The vulnerability of Websoft HCM’s automation software for HR processes stems from insufficient validation of input data, allowing attackers to execute arbitrary HTML code.

The vulnerability of Websoft HCM’s automation software for HR processes is related to insufficient verification of entered data. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...

7.5 CVSS · 5.8 AI score
Exploits 0