Lucene search

7612 matches found

RedhatCVE
added 2025/05/22 6:10 a.m., 4 views

CVE-2018-7277

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

CVSS 6.1 | AI score 6.5 | EPSS 0.00223
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 5:50 a.m., 4 views

CVE-2017-15304

/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...

CVSS 9.8 | AI score 9.5 | EPSS 0.00345
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:53 a.m., 4 views

CVE-2010-5340

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0...

CVSS 6.1 | AI score 6.1 | EPSS 0.0021
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:48 a.m., 7 views

CVE-2019-18210

Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...

CVSS 5.4 | AI score 5.8 | EPSS 0.00369
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:27 a.m., 5 views

CVE-2019-14913

An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel...

CVSS 5.4 | AI score 6 | EPSS 0.0018
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 1:56 a.m., 5 views

CVE-2017-20098

A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely...

CVSS 4.8 | AI score 6.2 | EPSS 0.00201
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 12:42 a.m., 7 views

CVE-2012-5174

The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service (persistent reboot) via an e-mail message in an invalid format...

CVSS 7.8 | AI score 7.1 | EPSS 0.00099
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/21 11:11 p.m., 10 views

CVE-2004-2767

NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session...

CVSS 4.3 | AI score 7 | EPSS 0.00299
Exploits: 0 | References: 1
RedHat Linux
added 2025/05/21 6:13 a.m., 11 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.7 Bug Fix Update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.17.7 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...

CVSS 8.7 | AI score 6.8 | EPSS 0.01535
Exploits: 2 | References: 5
Vulnrichment
added 2025/05/21 12:0 a.m., 4 views

CVE-2025-45755

A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improper...

AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 2
CVE
added 2025/05/21 12:0 a.m., 53 views

CVE-2025-45755

Vulnerable software: Vtiger CRM Open Source Edition v8.3.0. The issue is a Stored Cross-Site Scripting (XSS) vulnerability exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload mapped to the Service Name field; when uploaded, the applica...

CVSS 6.1 | AI score 5.2 | EPSS 0.00232
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2025/05/19 12:0 a.m., 2 views

Ubiquiti UniFi Protect Cameras security vulnerability

The Ubiquiti UniFi Protect Application is an enterprise-grade security monitoring platform that supports both home and business users. A security vulnerability exists in Ubiquiti UniFi Protect Application, which stems from a misconfigured access token mechanism that can be exploited by an attacke...

CVSS 4.4 | AI score 6.8 | EPSS 0.00178
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/05/16 9:7 a.m., 2 views

Malicious code in lmk (npm)

Source: ghsa-malware (2038ad5438e131b27ac4909e8adaf2ed1ce6a0667a10b46ed02c33209e2708a6). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
RedHat Linux
added 2025/05/13 8:28 a.m., 2 views

kernel: virtio_pmem: add the missing REQ_OP_WRITE for flush bio

A flaw was discovered in the virtio_pmem driver in the Linux kernel, where flush block I/O requests did not have the required REQ_OP_WRITE operation code assigned before submission. Under workloads involving persistent memory block devices, for example running mkfs.xfs on a pmem device, this omissi...

AI score 5.9 | EPSS 0.00024
Exploits: 0 | References: 5
OSSF Malicious Packages
added 2025/05/13 6:48 a.m., 4 views

Malicious code in sw-cur (npm)

Source: ghsa-malware (6b6e97eb66e9295d27e2c439734b0d7a8a4479ea22612dd7c5623827fcbb53eb). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2025/05/12 10:15 p.m., 1 views

CVE-2025-24220

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier...

CVSS 5.5 | AI score 5.8
Exploits: 0 | References: 3
CNNVD
added 2025/05/12 12:0 a.m., 2 views

Apple iOS and Apple iPadOS security vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that stems from a privilege issue that could cause an...

CVSS 5.5 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 3
Packet Storm News
added 2025/05/09 12:0 a.m., 3 views

System Prompt Poisoning: Persistent Attacks on Large Language Models beyond User Injection

Large language models (LLMs) have gained widespread adoption across diverse applications due to their impressive generative capabilities. Their plug-and-play nature enables both developers and end users to interact with these models through simple prompts. However, as LLMs become more integrated in...

AI score 7.2
Exploits: 0
NVD
added 2025/05/07 6:15 p.m., 13 views

CVE-2025-20181

A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the...

CVSS 6.8 | EPSS 0.00106
Exploits: 0 | References: 1
RedHat Linux
added 2025/05/06 7:14 a.m., 16 views

Important: Red Hat Security Advisory: RHODF-4.18-RHEL-9 security update

Updated images are now available for RHODF-4.18-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

CVSS 8.7 | AI score 6.7 | EPSS 0.01098
Exploits: 1 | References: 10