CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

CVE-2025-9909 Aap-gateway: improper path validation in gateway allows credential exfiltration

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

Remote Code Execution (RCE)

Apache Syncope is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe handling of custom Groovy implementations, where a malicious administrator can inject Groovy code that is executed by the Syncope Core at runtime, enabling remote code execution until sandboxing is...

Apache Syncope allows malicious administrators to inject Groovy code

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...

Apache Syncope 安全漏洞

Apache Syncope is an open source digital identity management system from the Apache USA Foundation for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0.14 and 4.0.2, which stems fr...

EUVD-2021-17568

Malware in sbrugna...

EUVD-2020-25795

Malware in sbrugna...

EUVD-2016-7552

Malware in sbrugna...

EUVD-2017-16970

Malware in sbrugna...

EUVD-2024-47038

Malicious code in bioql PyPI...

PT-2025-42765

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0.0 through 3.0.13 Apache Syncope versions 4.0.0 through 4.0.1 Description Apache Syncope allows a malicious administrator to inject Groovy code that can be executed remotely by a running Apache Syncope Core instance...

CVE-2023-28440

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...

DNN 安全漏洞

DNN aka DotNetNuke is a Microsoft-supported, open-source content management system CMS based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable, feature-rich and so on. A security vulnerability exists in DNN versions prior to 9.13.9, which originates from a...

CVE-2025-0125 PAN-OS: Improper Neutralization of Input in the Management Web Interface

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the...

WordPress plugin My WP Customize Admin/Frontend 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

XenServer and Citrix Hypervisor Security Update for CVE-2024-45818

Description of Problem An issue has been identified that affects both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR and allows a malicious administrator of a guest VM to cause the host to crash or become unresponsive. This issue has the following identifier: CVE-2024-45818 What Customers Should ...

CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting XSS vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...

Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting XSS vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to...

CVE-2024-21798

ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...