6714 matches found

CNNVD
added 2025/12/08 12:0 a.m., 3 views

Dassault Systèmes ENOVIA Collaborative Industry Innovator Security Vulnerability

Dassault Systèmes ENOVIA Collaborative Industry Innovator is an important toolset for real-time, secure and structured collaboration and product content management for an engineering team at Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Collaborative Indust...

CVSS 8.7 | AI score 6.2 | EPSS 0.00157
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/08 12:0 a.m., 3 views

PT-2025-49528

Name of the Vulnerable Software and Affected Versions: ENOVIA Collaborative Industry Innovator versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x. Description: A reflected Cross-site Scripting (XSS) issue exists in ENOVIA Collaborative Industry Innovator. This allows an attacker to execute...

CVSS 8.7 | AI score 6.4 | EPSS 0.00157
Exploits: 0 | References: 8
Tenable Nessus
added 2025/12/04 12:0 a.m., 3 views

Adobe Experience Manager (AEM) Groovy Console

The remote Adobe Experience Manager (AEM) exposes a Groovy console that allows users to execute arbitrary Groovy scripts on the server. This can lead to remote code execution and complete compromise of the AEM instance and the underlying server. No source data...

AI score 8.4
Exploits: 0
Tenable Nessus
added 2025/12/04 12:0 a.m., 3 views

Sony Camera SNC-CX600W Cross-site scripting (CVE-2025-64730)

Cross-site scripting vulnerability exists in SNC-CX600W. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 6.1 | AI score 5.5 | EPSS 0.00166
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/03 2:2 p.m., 2 views

CVE-2025-58486

Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script...

CVSS 5.5 | AI score 7.1 | EPSS 0.00137
Exploits: 0 | References: 1
CNVD
added 2025/12/03 12:0 a.m., 3 views

Grav Cross-Site Scripting Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.2 | AI score 6.1 | EPSS 0.00189
Exploits: 1 | References: 1
CNVD
added 2025/12/03 12:0 a.m., 4 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30345)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.2 | AI score 6.1 | EPSS 0.00175
Exploits: 1 | References: 1
CNVD
added 2025/12/03 12:0 a.m., 5 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30346)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.8 | AI score 6.1 | EPSS 0.00179
Exploits: 1 | References: 1
CNVD
added 2025/12/03 12:0 a.m., 2 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30347)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.2 | AI score 6.1 | EPSS 0.00175
Exploits: 1 | References: 1
CNVD
added 2025/12/03 12:0 a.m., 3 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30348)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.2 | AI score 6.1 | EPSS 0.00175
Exploits: 1 | References: 1
Tenable Nessus
added 2025/12/03 12:0 a.m., 4 views

RockyLinux 9 : redis (RLSA-2025:20926)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20926 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

CVSS 9.9 | AI score 9.2 | EPSS 0.86268
Exploits: 15 | References: 9
Veracode
added 2025/12/02 1:9 p.m., 6 views

HTML Injection

mailgen is vulnerable to HTML injection. The vulnerability is due to improper stripping of HTML tags in the generatePlaintext method when Unicode line-separator characters bypass the regex filter, which allows an attacker to inject unexpected HTML that can be interpreted as executable script...

CVSS 6.3 | AI score 7 | EPSS 0.00409
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2025/12/02 2:15 a.m., 3 views

CVE-2025-58486

Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script...

CVSS 5.5 | AI score 6 | EPSS 0.00137
Exploits: 0 | References: 1
EUVD
added 2025/12/02 1:24 a.m., 2 views

EUVD-2025-200132

Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script...

CVSS 4 | AI score 6.6 | EPSS 0.00137
Exploits: 0 | References: 2
Vulnrichment
added 2025/12/02 1:24 a.m., 1 view

CVE-2025-58486

Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script...

CVSS 4 | AI score 6.7 | EPSS 0.00137
Exploits: 0 | References: 1
NVD
added 2025/12/01 3:15 p.m., 2 views

CVE-2025-64030

Eximbills Enterprise 4.1.5 Built on 2020-10-30 is vulnerable to authenticated stored cross-site scripting CWE-79 via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...

CVSS 5.4 | EPSS 0.00194
Exploits: 1 | References: 2
CNNVD
added 2025/12/01 12:0 a.m., 4 views

Grav Cross-Site Scripting Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.2 | AI score 6 | EPSS 0.00175
Exploits: 1 | References: 3
CNNVD
added 2025/12/01 12:0 a.m., 4 views

Grav Cross-Site Scripting Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.8 | AI score 6 | EPSS 0.00179
Exploits: 1 | References: 3
CNNVD
added 2025/12/01 12:0 a.m., 4 views

Grav Cross-Site Scripting Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

CVSS 6.2 | AI score 6 | EPSS 0.00175
Exploits: 1 | References: 3
RedhatCVE
added 2025/11/28 11:9 a.m., 10 views

CVE-2025-59025

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

CVSS 6.1 | AI score 7 | EPSS 0.00161
Exploits: 0 | References: 1