
3356 matches found

Tenable Nessus
added 2025/11/18 12:0 a.m. | 4 views

Siemens SIPROTEC 5 Use of Get Request Method with Sensitive Query Strings (CVE-2025-40742)

The affected devices include session identifiers in URL requests for certain functionalities. This could allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access. This plugin only works with Tenable.ot...

CVSS 6 | AI score 5.9 | EPSS 0.00275
Exploits 0 | References 3

AlpineLinux
added 2025/11/18 12:0 a.m. | 3 views

CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An incorrect variable reference and missing state reset in the chunk processing...

CVSS 7.5 | AI score 7.1 | EPSS 0.00413
Exploits 1 | References 3

RedhatCVE
added 2025/11/07 2:51 p.m. | 3 views

CVE-2025-10955

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings. This issue affects Netigma: from 6.3.5 before 6.3.5 V8...

CVSS 6.1 | AI score 5.9 | EPSS 0.00161
Exploits 0 | References 1

NVD
added 2025/11/06 9:15 p.m. | 3 views

CVE-2025-64174

Magento-lts is a long-term support alternative to Magento Community Edition CE. Versions 20.15.0 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts...

CVSS 4.8 | EPSS 0.00188
Exploits 1 | References 2

NVD
added 2025/11/06 3:15 p.m. | 5 views

CVE-2025-10955

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings. This issue affects Netigma: from 6.3.5 before 6.3.5 V8...

CVSS 6.1 | EPSS 0.00161
Exploits 0 | References 2

Cvelist
added 2025/11/06 2:46 p.m. | 5 views

CVE-2025-10955 HTML Injection in Netcad Software's Netigma

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings. This issue affects Netigma: from 6.3.5 before 6.3.5 V8...

CVSS 6.1 | EPSS 0.00161
Exploits 0 | References 2

Vulnrichment
added 2025/11/06 2:46 p.m. | 2 views

CVE-2025-10955 HTML Injection in Netcad Software's Netigma

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings. This issue affects Netigma: from 6.3.5 before 6.3.5 V8...

CVSS 6.1 | AI score 5.4 | EPSS 0.00161
Exploits 0 | References 2

ATTACKERKB
added 2025/11/06 2:46 p.m. | 4 views

CVE-2025-10955

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings. This issue affects Netigma: from 6.3.5 before 6.3.5 V8...

CVSS 6.1 | AI score 5.4 | EPSS 0.00161
Exploits 0 | References 3 | Affected Software 1

CVE
added 2025/11/06 2:46 p.m. | 11 views

CVE-2025-10955

The CVE-2025-10955 entry affects Netcad Netigma: improper neutralization of input during web page generation (XSS) via HTTP query strings. Concrete details across connected records indicate affected versions include Netigma 6.3.5 before 6.3.5 V8 and versions up to 28102025. The root cause is impr...

CVSS 6.1 | AI score 5.4 | EPSS 0.00161
Exploits 0 | References 2

Fedora
added 2025/11/06 2:24 a.m. | 2 views

[SECURITY] Fedora 42 Update: qt5-qtbase-5.15.18-1.fc42

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

AI score 7
Exploits 0

Tenable Nessus
added 2025/11/06 12:0 a.m. | 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990581)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990581 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy Userspace provided string 's' coul...

CVSS 5.5 | AI score 6.3 | EPSS 0.00233
Exploits 0 | References 3

Positive Technologies
added 2025/11/06 12:0 a.m. | 1 views

PT-2025-45183

Name of the Vulnerable Software and Affected Versions: Netigma versions 6.3.5 through 28102025. Description: Netigma software contains a flaw related to improper neutralization of input during web page generation, potentially leading to Cross-site Scripting XSS. This issue arises from vulnerabilitie...

CVSS 6.1 | AI score 5.5 | EPSS 0.00161
Exploits 0 | References 7

NVD
added 2025/11/05 7:15 p.m. | 4 views

CVE-2025-31954

HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see...

CVSS 5.4 | EPSS 0.00159
Exploits 0 | References 1

Vulnrichment
added 2025/11/05 6:23 p.m. | 5 views

CVE-2025-31954 HCL iAutomate is susceptible to a sensitive information disclosure

HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see...

CVSS 5.4 | AI score 6.2 | EPSS 0.00159
Exploits 0 | References 1

Fedora
added 2025/11/05 2:13 a.m. | 8 views

[SECURITY] Fedora 43 Update: rust-interpolator-0.5.0-3.fc43

Runtime format strings, fully compatible with std's macros...

CVSS 8.1 | AI score 7 | EPSS 0.00678
Exploits 1

Veracode
added 2025/11/04 7:59 a.m. | 6 views

Improper Input Validation

@digitalocean/do-markdownit is vulnerable to Improper Input Validation. The vulnerability is due to the callout and fence_environment plugins using .includes substring matching when allowedClasses or allowedEnvironments are strings instead of arrays, which allows an attacker to bypass intended...

CVSS 9.8 | AI score 7 | EPSS 0.00361
Exploits 1 | References 3 | Affected Software 1

OSV
added 2025/11/03 8:24 p.m. | 4 views

GHSA-QV78-C8HC-438R OpenMage vulnerable to XSS in Admin Notifications

Summary: OpenMage versions v20.15.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts into vulnerable fields. Malicious JavaScript may be execute...

CVSS 4.6 | AI score 5.3 | EPSS 0.00188
Exploits 1 | References 4

Fedora
added 2025/11/03 1:7 a.m. | 7 views

[SECURITY] Fedora 42 Update: rust-interpolator-0.5.0-3.fc42

Runtime format strings, fully compatible with std's macros...

CVSS 8.1 | AI score 7 | EPSS 0.00678
Exploits 1

Fedora
added 2025/11/03 1:2 a.m. | 10 views

[SECURITY] Fedora 41 Update: rust-interpolator-0.5.0-3.fc41

Runtime format strings, fully compatible with std's macros...

CVSS 8.1 | AI score 7 | EPSS 0.00678
Exploits 1

RedhatCVE
added 2025/11/01 6:6 p.m. | 15 views

CVE-2025-57109

Kitware VTK Visualization Toolkit is vulnerable to Heap Use-After-Free in vtkGLTFImporter::ImportActors. When processing GLTF files with invalid scene node references, the application accesses string members of mesh objects that have been previously freed during actor import operations...

CVSS 6.5 | AI score 6.7 | EPSS 0.00229
Exploits 0 | References 2