6 matches found
CVE-2025-55103
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could potentially execute arbitrary JavaScript code in th...
PT-2025-34283 · Esri · Esri Portal for ArcGIS Enterprise Sites
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4 Description: A stored Cross-site Scripting issue exists in Esri Portal for ArcGIS Enterprise Sites that may allow a remote, authenticated attacker to inject a malicious file...
Session Fixation
Symfony is vulnerable to Session Fixation. An attacker is able to steal session tokens from users of a vulnerable Symfony application. The attacker could then use the stolen session tokens to impersonate the users and access their accounts...
GitLab authorization vulnerability
GitLab is a self-hosted Git version control and project repository application, developed in Ruby on Rails by the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An Access Control Error vulnerability exists in GitLab...
NTLM BITS SYSTEM Token Impersonation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'SYSTEM token impersonation through NTLM bits authentication on missing WinRM Service.',...
Coinbase: open authentication bug
Hi, if a developer registers one of the three URLs without the http protocol (e.g. example.com) in OAuth registration, then he would be redirected to www.coinbase.comexample.com. This makes the user redirect to another site than the real application. An attacker could take advantage of this and steal the...