PT-2025-52301
Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: A cryptography issue exists in Kentico Xperience that may allow attackers to manipulate URL hash values by exploiting existing hashing mechanisms. A hotfix introduces an additional...
Microsoft Endpoint Configuration Manager (CVE-2025-59501)
The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in the vendor advisory. It is, therefore, affected by an elevation of privilege vulnerability. An attacker could exploit this vulnerability by modifying the user principal...
Microsoft Endpoint Configuration Manager (October 2025)
The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB34503790. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges...
EUVD-1999-0253
Malware in sbrugna...
EUVD-2023-2537
Malicious code in bioql PyPI...
CVE-2023-41048
plone.namedfile allows users to handle File and Image fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by...
Hotfix XS82ECU1086 - For Citrix Hypervisor 8.2 Cumulative Update 1
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1 and is only available to customers on the Customer Success Services program. All customers who are affected by the issues described in CTX693178 - Citrix Hypervisor Security Bulletin shoul...
Hotfix XS82ECU1070 - For Citrix Hypervisor 8.2 Cumulative Update 1
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. All customers who are affected by the issues described in CTX691115 - Citrix Hypervisor Security Bulletin should install this hotfix. Note: This hotfix is available only to customers on...
Hotfix XS82ECU1066 - For Citrix Hypervisor 8.2 Cumulative Update 1
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. All customers who are affected by the issues described in CTX691115 - XenServer and Citrix Hypervisor Security Update for CVE-2024-31143 and CVE-2024-31144 should install this hotfix...
GHSA-JJ7C-JRV4-C65X plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Impact There is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this, by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an...
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Impact There is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this, by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an...
CVE-2023-41048
plone.namedfile allows users to handle File and Image fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by...
PYSEC-2023-311
plone.namedfile allows users to handle File and Image fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by...
CVE-2023-41048 plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
plone.namedfile allows users to handle File and Image fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by...
Veritas NetBackup prior to 10.0 Privilege Escalation (VTS23-006)
The Veritas NetBackup application installed on the remote Windows host is prior to 10.0 or is missing a vendor-supplied security hotfix. It is, therefore, affected by a privilege escalation vulnerability. An issue was discovered in Veritas NetBackup before 10.0. A vulnerability in the way NetBackup...
Directory traversal
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs...
CVE-2022-48482
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs...
CVE-2022-48482
CVE-2022-48482 affects 3CX Phone System on Windows prior to 18 Update 2 Security Hotfix 18.0.2.315. The issue is a directory traversal vulnerability in the /Electron/download interface that allows unauthenticated remote readers to access files (including credentials, backups, call recordings, and...
CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded JavaScript. The user could then potentially trick another authenticated...