RLSA-2025:3408 Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

git security update

An update is available for git. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git is a distributed revision control system with a decentralized architecture. A...

CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-17110)

Adobe Experience Manager is an enterprise-grade content management solution from Adobe designed to help companies efficiently build, manage and deliver multi-channel digital content and personalized experiences. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems...

WordPress User Registration Plugin Cross-Site Scripting Vulnerability

WordPress User Registration Plugin is a plugin for extending the functionality of WordPress, mainly used to create custom user registration forms, manage user accounts and implement membership features. WordPress User Registration Plugin suffers from a cross-site scripting vulnerability that stem...

WordPress Qwizcards plugin cross-site scripting vulnerability

WordPress Qwizcards plugin is a plugin for the WordPress platform that is mainly used to create online quiz question and answer test and flashcard flashcard content. WordPress Qwizcards plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

Simopro Technology WinMatrix3 Cross-Site Scripting Vulnerability

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a cross-site scripting vulnerability that stems from the application's lack of...

CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

NewStart CGSL MAIN 7.02 : httpd Multiple Vulnerabilities (NS-SA-2025-0132)

The remote NewStart CGSL host, running version MAIN 7.02, has httpd packages installed that are affected by multiple vulnerabilities: - Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications...

GHSA-269J-37WW-CMH3 Mezzanine CMS vulnerable to Cross-site Scripting

A cross-site scripting XSS vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

gitk: git script execution flaw

There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution...

CVE-2025-51396

A stored cross-site scripting XSS vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

CVE-2025-51398

A stored cross-site scripting XSS vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

CVE-2025-51400

A stored cross-site scripting XSS vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

Security Bulletin: Host Header Injection Vulnerability in IBM Operations Analytics - Log Analysis (CVE-2024-40686)

Summary Host header vulnerability in IBM Operations Analytics - Log Analysis allows remote attackers to execute scripts within the application context via remote file inclusion. This has been addressed. Vulnerability Details CVEID:CVE-2024-40686 DESCRIPTION: IBM SmartCloud Analytics - Log Analysi...

CVE-2025-51860

Stored Cross-Site Scripting XSS in TelegAI telegai.com 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SVG XSS payloads in either description, greeting, example dialog, or system...

gitk: git script execution flaw

There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution...

CVE-2025-51860

Stored Cross-Site Scripting XSS in TelegAI telegai.com 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SVG XSS payloads in either description, greeting, example dialog, or system...

ETQ Reliance CG 安全漏洞

ETQ Reliance CG is a quality management system from ETQ Corporation. A security vulnerability exists in ETQ Reliance CG that stems from the SQLConverterServlet component being susceptible to a reflective cross-site scripting attack, which could lead to the execution of unauthorized scripts in the...

CVE-2025-51860

TelegAI (telegai.com) is affected by a Stored XSS (CVE-2025-51860) in its chat component and character container. The vulnerability allows an attacker to craft an AI Character with SVG XSS payloads in fields such as description, greeting, example dialog, or system prompt, causing arbitrary client...