PT-2025-29746 · Nanbu · Nanbu Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: nanbu Welcart e-Commerce versions through 2.11.16 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. This can potentially lead to the...

META-INF Kft. Email This Issue 安全漏洞

META-INF Kft. Email This Issue is an advanced email management plugin for Jira from Hungarian company META-INF Kft. A security vulnerability exists in versions prior to META-INF Kft. Email This Issue 9.13.0-GA, which stems from the injection of a specially crafted payload into the recipient field...

CVE-2024-42912

A cross-site scripting XSS vulnerability in META-INF Kft. Email This Issue Data Center before 9.13.0-GA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the recipient field of an e-mail message...

CVE-2025-53834

Caido is a web security auditing toolkit. A reflected cross-site scripting XSS vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker t...

CVE-2025-53834 Caido Toast Vulnerable to Reflected Cross-site Scripting

Caido is a web security auditing toolkit. A reflected cross-site scripting XSS vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker t...

CVE-2025-53834

Caido Toast XSS (CVE-2025-53834): A reflected XSS vulnerability exists in Caido’s toast UI component in versions before 0.49.0, where unsanitized user input reflected in tools like Match&Replace and Scope can lead to arbitrary script execution. The issue is fixed in version 0.49.0. Affected produ...

Caido 跨站脚本漏洞

Caido is a Caido open source application. Designed to help security professionals and enthusiasts audit web applications efficiently and easily. A cross-site scripting vulnerability exists in versions prior to Caido 0.49.0 that stems from reflective cross-site scripting and could lead to arbitrar...

CVE-2025-30661

An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can...

CVE-2025-30661

CVE-2025-30661 affects Juniper Networks Junos OS line cards (MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, EX9200-15C). The root cause is an incorrect permission assignment in line card script processing that lets a local, low-privilege user install scripts which are executed as root at sy...

CVE-2025-30661 Junos OS: Low-privileged user can cause script to run as root, leading to privilege escalation

An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can...

CVE-2025-41442

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting XSS attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosu...

CVE-2025-53397 Advantech iView Cross-site Scripting

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting XSS attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other...

DEBIAN-CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

ALPINE-CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

AZL-65079 CVE-2025-27614 affecting package git for versions less than 2.45.4-1

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

CVE-2025-27614 Gitk allows arbitrary command execution

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

Advantech iView 跨站脚本漏洞

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A cross-site scripting vulnerability exists in Advantech iView due to improper validation of user-supplied input. An attacker could use this vulnerability to execute...

CLSA-2025-1752089153 redis: Fix of CVE-2024-31449

CVE-2024-31449: fix stack buffer overflow in bit library triggered by Lua script execution...