1465 matches found

Tenable Nessus
added 2025/08/30 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-30287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to...

CVSS 8 · AI score 8.2 · EPSS 0.18589
Exploits 1 · References 2
Tenable Nessus
added 2025/08/30 12:00 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2018-18541

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send...

CVSS 7.5 · AI score 7.5 · EPSS 0.01877
Exploits 0 · References 2
Github Security Blog
added 2025/08/29 9:33 p.m. · 3 views

Next.js Improper Middleware Redirect Handling Leads to SSRF

A vulnerability in Next.js Middleware has been fixed in v14.2.32 and v15.4.7. The issue occurred when request headers were directly passed into NextResponse.next. In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request...

CVSS 8.2 · AI score 6.8 · EPSS 0.07815
Exploits 0 · References 5 · Affected Software 1
Packet Storm News
added 2025/08/28 12:00 a.m. · 4 views

Secure Satellite Communications Via Multiple Aerial RISs: Joint Optimization of Reflection, Association, and Deployment

Satellite communication is envisioned as a key enabler of future 6G networks, yet its wide coverage with high link attenuation poses significant challenges for physical layer security. In this paper, we investigate secure multi-beam, multi-group satellite communications assisted by aerial...

AI score 6.6
Exploits 0
Tenable Nessus
added 2025/08/25 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlle...

CVSS 9.8 · AI score 6.7 · EPSS 0.05036
Exploits 0 · References 2
RedhatCVE
added 2025/08/24 12:13 a.m. · 4 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

CVSS 8.1 · AI score 6.8 · EPSS 0.00069
Exploits 1 · References 1
RedhatCVE
added 2025/08/23 12:23 a.m. · 5 views

CVE-2025-55420

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...

CVSS 8.8 · AI score 6.2 · EPSS 0.00229
Exploits 1 · References 1
Positive Technologies
added 2025/08/22 12:00 a.m. · 5 views

PT-2025-34373 · Shopizer · Shopizer

Name of the Vulnerable Software and Affected Versions: Shopizer version 3.2.7
Description: The server’s Cross-Origin Resource Sharing (CORS) implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling...

CVSS 8.1 · AI score 6.6 · EPSS 0.00069
Exploits 1 · References 4
CVE
added 2025/08/22 12:00 a.m. · 15 views

CVE-2025-51605

CVE-2025-51605 affects Shopizer 3.2.7. The server’s CORS implementation reflects the Origin header verbatim into Access-Control-Allow-Origin and enables Access-Control-Allow-Credentials: true, allowing authenticated cross-origin requests and read of sensitive responses. Supported by multiple sour...

CVSS 8.1 · AI score 6.2 · EPSS 0.00069
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2025/08/21 5:20 p.m. · 2 views

CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

CVSS 6.9 · AI score 5.6 · EPSS 0.00096
Exploits 0 · References 1
NVD
added 2025/08/21 4:15 p.m. · 4 views

CVE-2025-55420

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...

CVSS 8.8 · EPSS 0.00229
Exploits 1 · References 1
CVE
added 2025/08/21 12:00 a.m. · 16 views

CVE-2025-55420

FoxCMS v1.2.6 is affected by a Reflected XSS in the /index.php endpoint. The issue stems from unsanitized reflection of a crafted script via a GET request, enabling execution of arbitrary JavaScript when a logged-in user submits the malicious input. CVSSv3.1 base score 8.8 (HIGH) with NETWORK att...

CVSS 8.8 · AI score 6.1 · EPSS 0.00229
Exploits 1 · References 1 · Affected Software 1
RedhatCVE
added 2025/08/17 11:11 p.m. · 9 views

CVE-2025-52621

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning...

CVSS 5.3 · AI score 7.2 · EPSS 0.00081
Exploits 0 · References 1
NVD
added 2025/08/15 11:15 p.m. · 3 views

CVE-2025-52621

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning...

CVSS 7.5 · EPSS 0.00081
Exploits 0 · References 1
Vulnrichment
added 2025/08/15 10:45 p.m. · 3 views

CVE-2025-52621 HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning...

CVSS 5.3 · AI score 7.2 · EPSS 0.00081
Exploits 0 · References 1
CVE
added 2025/08/15 10:45 p.m. · 12 views

CVE-2025-52621

CVE-2025-52621 affects HCL BigFix SaaS Authentication Service. The issue is a cache-poisoning risk caused by the presence of an Origin header in HTTP responses coupled with an unvalidated reflection of that Origin value. Documents confirm the vulnerability but do not provide attack vectors, explo...

CVSS 7.5 · AI score 7.2 · EPSS 0.00081
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/08/15 12:00 a.m. · 5 views

PT-2025-33512 · Hcl · Hcl Bigfix Saas

Name of the Vulnerable Software and Affected Versions: HCL BigFix SaaS, affected versions not specified
Description: HCL BigFix SaaS Authentication Service is susceptible to cache poisoning. The HTTP responses from BigFix SaaS include the Origin header, and its presence, combined with an unvalidat...

CVSS 5.3 · AI score 6.2 · EPSS 0.00081
Exploits 0 · References 6
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in yyf-reflection (npm)

The package yyf-reflection was found to contain malicious code...

AI score 7
Exploits 0
OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-40700 Malicious code in yyf-reflection (npm)

The package yyf-reflection was found to contain malicious code...

AI score 7.2
Exploits 0
Zero Day Initiative
added 2025/08/06 12:00 a.m. · 4 views

(0Day) Microsoft SharePoint GetTransformer Unsafe Reflection Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetTransformer method. The issue results from t...

CVSS 6.5 · AI score 6.8
Exploits 0