16 matches found
homelab-security
Cybersecurity Home Lab: A personal home lab built for hands-on...
CVE-2025-12776
The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the...
CVE-2025-12776
The CVE-2025-12776 case concerns the WebConsole Report Builder, where user input is stored directly in a web page and displayed to others, enabling a stored XSS risk. The issue is triggered when a user with edit permissions modifies a report; running the report does not execute the scripts, but e...
PT-2026-1700
Name of the Vulnerable Software and Affected Versions: WebConsole (affected versions not specified). Description: The Report Builder component stores user input directly into a web page and displays it to other users, potentially leading to a Cross-Site Scripting (XSS) attack. The scripts are executed...
PVS BIOS based target devices are slow to boot
PVS BIOS-based target devices were slow to boot, with the following observations: BIOS-based target devices often take tens of minutes to boot successfully; occasionally target devices may fail to boot. The network conditions in the standard production network were non-optimal for PVS boot performance...
GHSA-QF3Q-9F3H-CJP9 NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
Cross site scripting
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
CVE-2023-49785 NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
Best Practices for Deployment of CITRIX SD-WAN
To configure the management access of SDWAN in a secure manner. https://docs.netscaler.com/en-us/citrix-sd-wan Citrix SD-WAN editions are typically deployed in an enterprise private network. We recommend that you deploy the Citrix SD-WAN solution wherein the management IPs are accessible only fro...
Whonix 13 - Anonymous Operating System
Whonix is a desktop operating system designed for advanced security and privacy. It realistically addresses attacks while maintaining usability. It makes online anonymity possible via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside...
Network name cannot contains the following symbols: ~`!@#$%^&*+=;'><|?*:"
Challenge: When attempting to assign an Isolated Network name, the following error occurs: Network name cannot contains the following symbols: !@$%^&+=;'|?:" To allow a specific symbol, remove that symbol from the va...
VMSA-2014-0001:VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
VMware Security Advisory. Advisory ID: VMSA-2014-0001. Synopsis: VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director addre...
VMSA-2013-0003 : VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third-party library security issues.
a. VMware vCenter, ESXi and ESX NFC protocol memory corruption vulnerability. VMware vCenter Server, ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between vCenter Serv...
How to perform SureBackup recovery verification manually in Standard edition
Solution: To start, use the Instant VM Recovery feature. For a boot up test, go through the Instant Recovery wizard and power on the VM, but do not select a checkbox to connect the VM to a network. Please note that since there is no network connectivity, some applications will not start since they...
AzeoTech DAQFactory Networking Vulnerabilities
Overview: ICS-CERT Advisory ICSA-11-122-01 was originally released to the US-CERT Portal on May 24, 2011. This web site release was delayed to allow users sufficient time to download and install the upgrade. ICS-CERT received a report from the nSense Vulnerability Coordination Team concerning...