CVE-2025-40841
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contain a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information...
Badges, Bytes and Blackmail
Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification ...
PagerDuty Runbook Security Vulnerability
PagerDuty Runbook is an automation platform from PagerDuty USA. A security vulnerability exists in PagerDuty Runbook version 2025-06-12 and earlier, which stems from a configuration page that directly exposes stored keys, potentially leading to the disclosure of sensitive information...
Dassault Systèmes ENOVIA Collaborative Industry Innovator Security Vulnerability
Dassault Systèmes ENOVIA Collaborative Industry Innovator is an important toolset for real-time, secure and structured collaboration and product content management for an engineering team at Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Collaborative Indust...
DokuWiki <= 2025-05-14a XSS Vulnerability
DokuWiki is prone to a reflected cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-10557
A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in the user's browser session...
PT-2025-41349
Name of the Vulnerable Software and Affected Versions: Versions prior to 2025-47342 Description: A temporary denial-of-service condition might happen when multiple profiles are used at the same time with QHS enabled. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-8411 XSS in Dokuzsoft Technology's E-Commerce Web Design Product
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This issue affects E-Commerce Web Design Product: before 11.08.2025...
PT-2025-33131 · Webview · Webview
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-27388 Description: Loading arbitrary external URLs through WebView components introduces malicious JavaScript (JS) code that can steal arbitrary user tokens. Recommendations: At the moment, there is no information about a...
Linksys Multiple Products Command Injection Vulnerability
The Linksys RE6250, among others, is a wireless extender from Linksys USA. A command injection vulnerability exists in various Linksys products. The vulnerability stems from improper manipulation of the staticIp and staticNetmask parameters by the RPsetBasicAuto function, which may result in os...
Arm Development Studio Code Issue Vulnerability
Arm Development Studio is a software development tool designed for the Arm architecture from Arm UK. A code issue vulnerability exists in versions prior to Arm Development Studio 2025 that stems from an uncontrolled search path element that could lead to a DLL hijacking attack...
Salesforce OmniStudio Security Vulnerability
Salesforce OmniStudio is a digitization platform from US-based Salesforce, Inc. A security vulnerability exists in Salesforce OmniStudio versions prior to 2025 that stems from an improper privilege retention issue that could lead to field-level security control bypass...
Salesforce OmniStudio Security Vulnerability
Salesforce OmniStudio is a digitization platform from US-based Salesforce, Inc. A security vulnerability exists in versions of Salesforce OmniStudio prior to 2025, which stems from an improper privilege retention issue that could lead to the disclosure of encrypted data...
PT-2025-8947 · Unknown · Yukseloglu Filter B2B Login Platform
Name of the Vulnerable Software and Affected Versions: Yukseloglu Filter B2B Login Platform versions prior to 16.01.2025 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...
CVE-2024-12251
In Progress Telerik UI for WinUI versions prior to 2025 Q1 3.0.0, a command injection attack is possible through improper neutralization of hyperlink elements...
Progress Telerik Document Processing Libraries Path Traversal Vulnerability
Progress Telerik Document Processing Libraries is a document processing library from Progress USA. A path traversal vulnerability exists in Progress Telerik Document Processing Libraries prior to version 2025 Q1, which stems from the fact that an unzip archive operation could lead to arbitrary fi...
CVE-2024-49699
creationtimestamp | type | source
---|---|---
2025-01-14 12:49:56+00:00 | seen | https://infosec.exchange/users/randomrobbie/statuses/113826791154115377
2025-01-21 13:59:48+00:00 | seen | https://infosec.exchange/users/cve/statuses/113866702059518211
2025-01-21 14:01:50+00:00 | published-proof-of-concep...
PT-2025-3559 · Msfm · Msfm
Name of the Vulnerable Software and Affected Versions: MSFM versions prior to 2025.01.01 Description: The issue is related to a SQL injection vulnerability via the s name parameter at the "table/list" endpoint. This vulnerability allows for potential exploitation. No information is provided about...
PT-2024-27240 · Autodesk · Autodesk Revit
Name of the Vulnerable Software and Affected Versions: Autodesk Revit versions prior to 2025 Description: A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. This allows a malicious actor to execute arbitrary code in the context of the current process...
CVE-2023-41061
creationtimestamp | type | source
---|---|---
2023-09-07 22:18:53+00:00 | exploited | https://t.me/cibsecurity/70106
2023-09-07 22:32:13+00:00 | exploited | https://t.me/jokerplstaeen/20570
2023-09-08 06:02:37+00:00 | seen | https://t.me/KomunitiSiber/759
2023-09-08 06:26:46+00:00 | exploited |...