PT-2025-10823

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description A use after free condition exists in Microsoft Office, allowing an unauthorized attacker to execute code. The issue enables remote attackers to execute arbitrary code and affect the...

CVE-2025-24985

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

Fortinet FortiWeb Web application firewall rules bypass by using an empty filename (FG-IR-23-115)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-23-115 advisory. - Two improper handling of syntactically invalid structure vulnerabilities CWE-228 in FortiWeb may allowan...

Fortinet FortiWeb Directory Traversal Arbitrary File Write (FG-IR-24-439)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-439 advisory. - A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiWeb versions 7.0.0 through...

Linux Distros Unpatched Vulnerability : CVE-2016-6814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization...

CKEditor 41.3.0 < 44.2.1 XSS

The version of CKEditor included on the remote web host is 41.3.0 prior to 44.2.1. It may, therefore, be affected by a cross-site scripting XSS vulnerability. This vulnerability affects user markers, which represent users' positions within the document. It can lead to unauthorized JavaScript code...

CKEditor 41.3.0 - 44.2.0 XSS Vulnerability

CKEditor 5 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package

Impact During a recent internal audit, we identified a Cross-Site Scripting XSS vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document. Th...

GHSA-J3MM-WMFM-MWVH Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package

Impact During a recent internal audit, we identified a Cross-Site Scripting XSS vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document. Th...

CVE-2024-50569

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

CVE-2024-40584

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0...

CVE-2024-12755

A Cross-Site Scripting XSS vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information...

CVE-2024-50569

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

CVE-2024-50569

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

CVE-2024-50567

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

CVE-2024-50567

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

CVE-2024-27781

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all...

CVE-2024-12755

A Cross-Site Scripting XSS vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information...

CVE-2024-12755 Avaya Spaces XSS Vulnerability

A Cross-Site Scripting XSS vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information...

CVE-2024-12755 Avaya Spaces XSS Vulnerability

A Cross-Site Scripting XSS vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information...