4 matches found
CVE-2025-14560 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...
PT-2026-6214
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 2.0.72. Description: Claude Code is an agentic coding tool. A flaw in command parsing allowed bypassing the confirmation prompt, potentially triggering the execution of untrusted commands via the find command...
Schneider Electric EcoStruxure Power Monitoring Expert Input Validation Error Vulnerability
Schneider Electric EcoStruxure Power Monitoring Expert is a device from Schneider Electric France for power distribution monitoring in IoT environments. An input validation error vulnerability exists in Schneider Electric EcoStruxure Power Monitoring Expert version 9.0 and prior versions, which...
U.S. Dept Of Defense: XSS Reflected on https://███ (███ parameter)
Greetings, I've found an XSS on https://█████ ██████████ parameter. Link: https://█████/████████?████████=%22%3E%3Cscript%3Ealert/frenchvlad/;%3C/script%3E&██████████ Payload: "alert/frenchvlad/; ██████ Best regards, frenchvlad. Impact: A reflected XSS vulnerability happens when the user input fro...