6714 matches found

CNNVD
added 2025/11/24 12:0 a.m. | 1 views

Google Cloud Looker security vulnerability

Google Cloud Looker is an online tool from Google USA for converting data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from a malicious URL construction issue that could lead to the execution of attacker-supplied scrip...

CVSS 7.3 | AI score 6.7 | EPSS 0.00258
Exploits 0 | References 2

CNNVD
added 2025/11/24 12:0 a.m. | 2 views

Dassault Systèmes ENOVIA Product Manager security vulnerability

Dassault Systèmes ENOVIA Product Manager is a product lifecycle management software from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Product Manager Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x, which stems from a stored cross-site...

CVSS 8.7 | AI score 6.1 | EPSS 0.00154
Exploits 0 | References 2

CNNVD
added 2025/11/24 12:0 a.m. | 2 views

Dassault Systèmes DELMIA Service Process Engineer security vulnerability

Dassault Systèmes DELMIA Service Process Engineer is a process planning software from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes DELMIA Service Process Engineer Release 3DEXPERIENCE R2025x, which stems from a stored cross-site scripting vulnerability that could...

CVSS 8.7 | AI score 6 | EPSS 0.00199
Exploits 0 | References 2

Positive Technologies
added 2025/11/24 12:0 a.m. | 7 views

PT-2025-47930

A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | AI score 6.5 | EPSS 0.00199
Exploits 0 | References 2

Tenable Nessus
added 2025/11/24 12:0 a.m. | 5 views

Google Chrome < 56.0.2924.76 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 56.0.2924.76. It is, therefore, affected by multiple vulnerabilities as referenced in the 201701stable-channel-update-for-desktop advisory. - A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and...

CVSS 8.8 | AI score 7.1 | EPSS 0.02093
Exploits 4 | References 50

NVD
added 2025/11/21 8:15 a.m. | 5 views

CVE-2025-13159

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...

CVSS 7.1 | EPSS 0.00257
Exploits 0 | References 4

OSV
added 2025/11/21 7:15 a.m. | 5 views

CVE-2025-61949

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...

CVSS 4.8 | AI score 5.3 | EPSS 0.00142
Exploits 0 | References 2

CVE
added 2025/11/21 6:17 a.m. | 10 views

CVE-2025-61949

LogStare Collector is affected by CVE-2025-61949, a stored cross-site scripting vulnerability in the UserManagement component. The issue allows an arbitrary script to run in the browser of users who log in to the management page when crafted user information is stored. Documents confirm the affec...

CVSS 5.4 | AI score 5.5 | EPSS 0.00142
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2025/11/21 6:17 a.m. | 3 views

CVE-2025-61949

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...

CVSS 5.4 | AI score 5.1 | EPSS 0.00142
Exploits 0 | References 2

CNNVD
added 2025/11/21 12:0 a.m. | 2 views

WordPress plugin Bold Page Builder security vulnerability

WordPress Bold Page Builder plugin is a WordPress page builder plugin that supports drag and drop editing and real-time front and back end previews for quickly creating responsive web page layouts. WordPress Bold Page Builder plugin suffers from a cross-site scripting vulnerability that stems fro...

CVSS 6.5 | AI score 5.8 | EPSS 0.00156
Exploits 0 | References 1

CNNVD
added 2025/11/21 12:0 a.m. | 2 views

WordPress plugin HT Mega cross-site scripting vulnerability

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress websites. The WordPress HT Mega plugin suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied HTML tag name input, which can be exploited by an attacker to execu...

CVSS 6.4 | AI score 6 | EPSS 0.00179
Exploits 0 | References 3

OSV
added 2025/11/20 4:15 p.m. | 4 views

CVE-2025-62296

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...

CVSS 5.4 | AI score 5.9 | EPSS 0.00143
Exploits 0 | References 2

Tenable Nessus
added 2025/11/20 12:0 a.m. | 3 views

TencentOS Server 3: httpd:2.4 (TSSA-2024:0763)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0763 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 9.8 | AI score 7.4 | EPSS 0.41611
Exploits 0 | References 2

Positive Technologies
added 2025/11/19 12:0 a.m. | 4 views

PT-2025-47467

Name of the Vulnerable Software and Affected Versions DataDirect Connect for JDBC for Amazon Redshift versions through 6.0.0.001392 DataDirect Connect for JDBC for Apache Cassandra versions through 6.0.0.000805 DataDirect Connect for JDBC for Hive versions through 6.0.1.001499 DataDirect Connect...

CVSS 8.6 | AI score 6.8 | EPSS 0.00261
Exploits 0 | References 5

Vulnrichment
added 2025/11/18 12:0 a.m. | 2 views

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E-commerce). The site's client-side JavaScript reads attacker-controlled input (for example, values derived from the URL or page fragment) and inserts it into the DOM via unsafe sinks...

AI score 6 | EPSS 0.0023
Exploits 1 | References 1

CNVD
added 2025/11/18 12:0 a.m. | 2 views

WordPress Popup addon for Ninja Forms plugin cross-site scripting vulnerability

WordPress Popup addon for Ninja Forms plugin is a WordPress form plugin that supports the creation of contact forms, signup forms and more. Its Popup/Modal plugin generates informational or promotional popups for email subscriptions, login signups, and other scenarios. A cross-site scripting...

CVSS 5.9 | AI score 6.1 | EPSS 0.00141
Exploits 0 | References 1

EUVD
added 2025/11/17 5:24 p.m. | 5 views

EUVD-2025-197853

@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

CVSS 4.8 | AI score 6.4 | EPSS 0.0019
Exploits 0 | References 5

Mageia
added 2025/11/15 7:11 a.m. | 4 views

Updated yelp & yelp-xsl packages fix security vulnerability

The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155...

CVSS 7.4 | AI score 7.7 | EPSS 0.10259
Exploits 1 | References 5

CNVD
added 2025/11/14 12:0 a.m. | 1 views

WordPress Easy Email Subscription plugin cross-site scripting vulnerability

The WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website, allowing users to receive new content updates via email. WordPress Easy Email Subscription plugin suffers from a cross-site scripting vulnerability that stems from the...

CVSS 7.2 | AI score 6.1 | EPSS 0.00315
Exploits 0 | References 1

NVD
added 2025/11/13 5:15 p.m. | 5 views

CVE-2025-20353

A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An...

CVSS 6.1 | EPSS 0.00191
Exploits 0 | References 1