CVE-2025-64495 Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is...

CVE-2025-64495 Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is...

CVE-2025-60188

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through = 4.2.1...

EUVD-2025-38083

Insertion of Sensitive Information Into Sent Data vulnerability in Sovlix MeetingHub meetinghub allows Retrieve Embedded Sensitive Data.This issue affects MeetingHub: from n/a through = 1.23.9...

EUVD-2025-38127

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through = 4.2...

CVE-2025-62039

Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through = 2.6.6...

PT-2025-45306

Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through = 2.6.6...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990567)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990567 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988736)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988736 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988684)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988684 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image a...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990303)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990303 advisory. In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCKRCUFREE earlier in udplibgetport. syzkaller triggered the warning 0 in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989708 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing,...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990034)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990034 advisory. In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside i...

EUVD-2023-60042

Nagios XI versions prior to 2024R1.0.2 are vulnerable to cross-site scripting XSS via the Nagios Core Command Expansion page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVE-2025-62895

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through = 4.2.1...

CVE-2025-46602

Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...

EUVD-2025-35994

Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through = 2.2.3...

CVE-2025-62895

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through = 4.2.1...

CVE-2025-62957 WordPress NikanWP WooCommerce Reporting plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through = 1.0.0...

PT-2025-44014

Name of the Vulnerable Software and Affected Versions Dell SupportAssist OS Recovery versions prior to 5.5.15.0 Description Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an issue where sensitive information can be inserted into externally accessible files or directories. A...