805 matches found
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Cisco Integrated Management Controller (IMC) is a set of software used by Cisco to manage UCS (Unified Computing System) servers. It supports HTTP and SSH access, among others, and allows operations such as powering up, shutting down and restarting the server. A cross-site scripting vulnerability exists in Cisco...
Linux Distros Unpatched Vulnerability : CVE-2022-1726
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to...
Linux Distros Unpatched Vulnerability : CVE-2024-11274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6...
Linux Distros Unpatched Vulnerability : CVE-2021-29963
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating...
CVE-2025-55626
The CVE-2025-55626 entry concerns Reolink Smart 2K+ Plug-in Wi‑Fi Video Doorbell with Chime, firmware 3.0.0.4662_2503122283. The vulnerability is an Insecure Direct Object Reference (IDOR) that allows unauthorized access to Admin-only settings and the ability to edit session storage. Root cause i...
CVE-2025-50733
NextChat contains a cross-site scripting (XSS) vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...
CVE-2025-42945
SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...
Missing Authorization
BackendAI is vulnerable to Missing Authorization. The vulnerability is due to session takeover caused by improper validation of session access, allowing attackers to hijack active sessions and access, steal, or alter session data...
CVE-2025-36005
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the...
Fedora 42 : webkitgtk (2025-5427adc3f4)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5427adc3f4 advisory. Limit the data stored in session state. Remove the empty area below the title bar in Web Inspector when not docked. Fix various crashes and renderin...
CVE-2025-27827
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could allow an attacker...
D-Link DIR-859 Router Path Traversal Vulnerability
D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...
CVE-2025-27827
Mitel MiContact Center Business legacy chat component (versions through 10.2.0.3) is affected by CVE-2025-27827 due to improper handling of session data, enabling an unauthenticated attacker to cause information disclosure. Exploitation requires user interaction and can lead to access to active c...
Mitel MiContact Center Business Security Vulnerability
Mitel MiContact Center Business is an all-media contact center platform from Mitel Canada. The platform is used in customer communication, production management and other scenarios. A security vulnerability exists in Mitel MiContact Center Business version 10.2.0.3 and prior versions, which stems...
CVE-2025-23192
SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session...
SAP BusinessObjects Business Intelligence Cross-Site Scripting Vulnerability
SAP BusinessObjects Business Intelligence is an enterprise-class business intelligence solution from SAP. SAP BusinessObjects Business Intelligence has a cross-site scripting vulnerability in which an unauthenticated attacker can store malicious scripts, which can be...
FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20786)
FreeScout is an ultra-lightweight, free, open source helpdesk and shared inbox built by FreeScout using the PHP Laravel framework. FreeScout suffers from a security bypass vulnerability that is caused by improper validation of user-supplied input in the session POST dataset. No detailed vulnerability...