14 matches found
CVE-2025-59025
Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...
EUVD-2025-199813
Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...
CVE-2025-59025
Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...
CVE-2025-59025
Technical details about CVE-2025-59025 are not publicly available in the provided documents; monitor for updates from vendors and security portals.
CVE-2025-59025
Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...
PT-2025-48257
Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...
PT-2025-22412 · Ejson2Env · Ejson2Env
Name of the Vulnerable Software and Affected Versions: ejson2env versions prior to 2.0.8 Description: The issue is related to inadequate output sanitization in the ejson2env tool, which can lead to command injection. This occurs when variable names or values contain malicious content, resulting i...
PT-2025-17071 · Unknown · Alvego Protected Wp-Login
Name of the Vulnerable Software and Affected Versions: alvego Protected wp-login versions n/a through 2.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This type of issue occurs...
CVE-2024-54462
The file names constructed within imagepicker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could...
PT-2024-8536 · Unknown +4 · Modules::Scandeps +4
Name of the Vulnerable Software and Affected Versions: Modules::ScanDeps versions prior to 1.36 Description: The issue is related to the Modules::ScanDeps library, which does not properly sanitize input. This can allow an attacker to execute arbitrary shell commands. A local attacker could exploi...
PT-2024-18948
Name of the Vulnerable Software and Affected Versions: jsonpath-plus versions prior to 10.0.7 Description: The issue is related to Remote Code Execution (RCE) due to improper input sanitization, allowing an attacker to execute arbitrary code on the system by exploiting the unsafe default usage of vm ...
PT-2023-9813
Name of the Vulnerable Software and Affected Versions: cross-spawn versions prior to 7.0.5 Description: The issue is related to a Regular Expression Denial of Service (ReDoS) in the cross-spawn package. This occurs due to improper input sanitization, allowing an attacker to craft a large and...
CVE-2020-16956
A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...
Microsoft SharePoint Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server. To exploit this vulnerability, an authenticated attacker would send a specially crafted request to ...