13 matches found
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
EUVD-2025-27029
Keycloak errordescription injection on error pages that can trigger phishing attacks...
EUVD-2024-0928
Malicious code in bioql PyPI...
CVE-2025-0546
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This...
Linux Distros Unpatched Vulnerability : CVE-2025-52926
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface. CVE-2025-52926 Note that Nessus relies...
SUSE CVE-2013-1688
The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site...
OpenEMR Security Vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A security vulnerability exists in OpenEMR versions prior to 7.0.0.1 that stems fr...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload. Details: Cross-site scripting or XSS is a co...
Rocket.Chat: Impersonation in Sequential Messages
The vulnerability allowed an attacker to impersonate another user in sequential messages. The vulnerability existed in Rocket.Chat versions 3.18.2 and 4.0.3. It was caused by the ability to hide the leading message in a sequence using the customClass or className message attributes, making the...
PT-2021-5327 · Microsoft · Bing Search For Android
Name of the Vulnerable Software and Affected Versions: Microsoft Bing Search for Android (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface. It may allow a remote attacker to conduct spoofing attacks...
PT-2020-15388 · Jenkins · Jenkins Fitnesse Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins FitNesse Plugin versions 1.31 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not correctly escape report contents before showing them on the Jenkins...
CVE-2013-1688
CVE-2013-1688 affects Mozilla Firefox’s Profiler UI rendering where untrusted data is parsed, enabling user‑assisted remote attackers to execute arbitrary JavaScript via a crafted site. The issue is fixed by updating to Firefox 22.0+ (as reflected in MFSA 2013-52 and downstream advisories). OpenS...
CVE-2013-1688
The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site...