21 matches found
EUVD-2025-30448
Malicious code in bioql PyPI...
Dotnetnuke < 10.1.0 Stored XSS Using Backend Admin Credentials (CVE-2025-59546)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.1.0. It is, therefore, affected by a vulnerability. - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1....
CVE-2025-59548
DNN (DotNetNuke) is vulnerable to Reflected XSS in the CKEditor/FileBrowser prior to version 10.1.0. Specially crafted URLs to the FileBrowser could cause JavaScript injection when users click the link. The issue has been addressed in version 10.1.0 (patched). Affected software: DNN platform; vul...
PT-2025-39200
Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions prior to 10.1.0. Description: DNN (formerly DotNetNuke) is an open-source web content management platform. Versions prior to 10.1.0 have a JavaScript injection issue related to specially crafted URLs to the...
DNN Cross-Site Scripting Vulnerability
DNN (also known as DotNetNuke) is an open-source content management system (CMS) from the American company DNN, supported by Microsoft and built on the ASP.NET platform. The system is easy to install, scalable, and feature-rich. A cross-site scripting vulnerability exists in versions prior to DNN...
CVE-2025-59535 DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on...
Adobe Substance 3D Painter Buffer Error Vulnerability
Adobe Substance 3D Painter is a 3D texturing application from the American company Adobe. A security vulnerability exists in Adobe Substance 3D Painter version 10.1.0 and prior versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...
PT-2024-8039 · Adobe · Substance3D - Painter
Name of the Vulnerable Software and Affected Versions: Substance3D - Painter versions 10.1.0 and earlier Description: The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...
Grafana Security Vulnerabilities
Grafana is a set of open-source monitoring tools that provide a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana has a security vulnerability that stems from a security flaw in the PUT /api/user handler...
HUAWEI EMUI/Magic UI Security Vulnerability
Huawei EMUI and Huawei Magic UI are both products of Huawei, a Chinese company. Huawei EMUI is a mobile operating system based on Android. Huawei Magic UI is a smart device operating system. A security vulnerability exists in HUAWEI EMUI/Magic UI. The vulnerability stems from a lack of length...
CVE-2022-22396
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are...
CVE-2021-29694
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258...
IBM Spectrum Protect Plus Information Disclosure Vulnerability (CNVD-2021-03005)
IBM Spectrum Protect Plus is a data protection and availability solution for virtualized environments that can be deployed in minutes and protect your environment in less than an hour. An information disclosure vulnerability exists in IBM Spectrum Protect Plus 10.1.0 - 10.1.6. An attacker could...
IBM Emptoris Strategic Supply Management Cross-Site Scripting Vulnerability
IBM Emptoris Strategic Supply Management is a platform for installing and managing the Emptoris suite of products from IBM USA. A cross-site scripting vulnerability exists in IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3, which allows an attacker to alter the intended...
IBM Spectrum Protect Plus Information Disclosure Vulnerability (CNVD-2020-33087)
IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A security vulnerability exists in IBM...
CVE-2020-4241
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM...
CVE-2020-4240
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417...
CVE-2020-4211
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175022...
IBM Spectrum Protect Plus Command Injection Vulnerability (CNVD-2020-14207)
IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A command injection vulnerability exists in...