Lucene search

721 matches found

CNVD
added 2025/09/08 12:0 a.m. | 4 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21115)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/baselibs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

CVSS 5.4 | AI score 6.3 | EPSS 0.00162
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/06 11:25 a.m. | 9 views

CVE-2025-41050

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/baselibs...

CVSS 5.4 | AI score 6.1 | EPSS 0.00162
Exploits: 0 | References: 1

Cvelist
added 2025/09/04 11:12 a.m. | 7 views

CVE-2025-41050 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/baselibs...

CVSS 5.1 | EPSS 0.00162
Exploits: 0 | References: 1

CNNVD
added 2025/09/04 12:0 a.m. | 3 views

appRain CMF cross-site scripting vulnerability

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/baselibs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

CVSS 5.4 | AI score 6.2 | EPSS 0.00162
Exploits: 0 | References: 1

vulnersOsv
added 2025/08/20 10:48 p.m. | 3 views

org.webjars.npm:crypto-browserify (>=3.2.6 <=3.2.8), org.webjars.npm:node-libs-browser (>=0.5.2 <=0.5.3) +1 more potentially affected by CVE-2025-9288 via org.webjars.npm:sha.js (>=2.2.6 <=2.3.6)

org.webjars.npm:sha.js MAVEN version =2.2.6, =3.2.6, =0.5.2, =0.5.3 - org.webjars.npm:shasum =1.0.1 Source cves: CVE-2025-9288 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-12089401...

CVSS 9.1 | AI score 7.2 | EPSS 0.00651
Exploits: 2

OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-12219 Malicious code in @zalastax/nolb-lion-libs (npm)

The package @zalastax/nolb-lion-libs was found to contain malicious code...

AI score 7.2
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-25413 Malicious code in linux-libs (npm)

The package linux-libs was found to contain malicious code...

AI score 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in dds-ddw_spa_libs_primeng (npm)

The package dds-ddw_spa_libs_primeng was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in linux-libs (npm)

The package linux-libs was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in @zalastax/nolb-lion-libs (npm)

The package @zalastax/nolb-lion-libs was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in @solanas-libs/check-balance (npm)

The package @solanas-libs/check-balance was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 3 views

MAL-2025-9331 Malicious code in @solanas-libs/check-balance (npm)

The package @solanas-libs/check-balance was found to contain malicious code...

AI score 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/06 2:50 p.m. | 4 views

Malicious code in lynx-libs-mono (npm)

Source: ossf-package-analysis 7dcde725ba12b559bfd1e62b8d6058ced4b0a5ed11b9f168f8f6f576b42ef801 The OpenSSF Package Analysis project identified 'lynx-libs-mono' @ 1.0.10 npm as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

OSV
added 2025/08/06 2:50 p.m. | 2 views

MAL-2025-6796 Malicious code in lynx-libs-mono (npm)

Source: ossf-package-analysis 7dcde725ba12b559bfd1e62b8d6058ced4b0a5ed11b9f168f8f6f576b42ef801 The OpenSSF Package Analysis project identified 'lynx-libs-mono' @ 1.0.10 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0

UbuntuCve
added 2025/07/16 2:15 p.m. | 7 views

CVE-2025-40776

A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

CVSS 8.6 | AI score 7.2 | EPSS 0.00197
Exploits: 0 | References: 2

OpenVAS
added 2025/07/16 12:0 a.m. | 10 views

Oracle OpenJDK 8.x - 11.x Vulnerability (Jul 2025)

Oracle OpenJDK is prone to a vulnerability in the core-libs/javax.script component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.9 | AI score 7 | EPSS 0.00551
Exploits: 0 | References: 3

Fedora
added 2025/06/14 1:10 a.m. | 6 views

[SECURITY] Fedora 42 Update: python3.11-3.11.13-1.fc42

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

AI score 7.4
Exploits: 0

UbuntuCve
added 2025/05/21 12:0 a.m. | 8 views

CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

CVSS 7.5 | AI score 7.3 | EPSS 0.10753
Exploits: 1 | References: 2

IBM Security Bulletins
added 2025/03/26 4:12 a.m. | 52 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary: LibTIFF is used by IBM Robotic Process Automation for Cloud Pak as part of the .NET Core and Watson NLP (CVE-2022-48281, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804). ncurses is used by IBM Robotic Process Automation for Cloud Pak as part of base container...

CVSS 7.8 | AI score 8.7 | EPSS 0.69494
Exploits: 15 | Affected Software: 1

IBM Security Bulletins
added 2025/03/13 4:46 p.m. | 12 views

Security Bulletin: Vulnerability in aio-libs aiohttp affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary: Potential vulnerability in aio-libs aiohttp has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 8.7 | AI score 7.6 | EPSS 0.00563
Exploits: 0 | Affected Software: 2