8006 matches found

EUVD
added 2025/11/07 9:31 p.m. | 3 views

EUVD-2025-38302

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

CVSS 5.4 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 2
CVE
added 2025/11/07 6:26 p.m. | 11 views

CVE-2025-36135

CVE-2025-36135 affects IBM Sterling B2B Integrator and IBM Sterling File Gateway across multiple versions (6.0.0.0–6.1.2.7_1, 6.2.0.0–6.2.0.5, and 6.2.1.0). The vulnerability is Cross-Site Scripting (CWE-79) that allows an authenticated user to embed arbitrary JavaScript in the Web UI, potentiall...

CVSS 5.4 | AI score 5.9 | EPSS 0.00141
Exploits: 0 | References: 1 | Affected Software: 2
RedHat Linux
added 2025/11/07 12:3 p.m. | 3 views

keycloak: Keycloak error_description injection on error pages

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the error_description query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

CVSS 4.3 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 5
Positive Technologies
added 2025/11/07 12:0 a.m. | 3 views

PT-2025-45486

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0; IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0. Description: The software is susceptible to ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 5
NVD
added 2025/11/06 10:15 p.m. | 4 views

CVE-2025-11212

Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.3 | EPSS 0.00178
Exploits: 0 | References: 2
OSV
added 2025/11/06 10:15 p.m. | 4 views

CVE-2025-11212

Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.3 | AI score 5.8
Exploits: 0 | References: 2
NVD
added 2025/11/06 10:15 p.m. | 3 views

CVE-2025-11208

Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.3 | EPSS 0.00192
Exploits: 0 | References: 2
CVE
added 2025/11/06 10:8 p.m. | 13 views

CVE-2025-11213

CVE-2025-11213 describes an Omnibox implementation issue in Google Chrome on Android that allows domain spoofing via a crafted HTML page when a user is persuaded to perform specific UI gestures. The available connected documents confirm a Chromium/Chrome family fix in the 141.0.7390.54+ range, wi...

CVSS 6.3 | AI score 5.7 | EPSS 0.00192
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2025/11/06 10:8 p.m. | 6 views

CVE-2025-11213

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.3 | AI score 8.4 | EPSS 0.00192
Exploits: 0
CVE
added 2025/11/06 10:8 p.m. | 13 views

CVE-2025-11212

CVE-2025-11212 concerns an inappropriate Media module implementation in Google Chrome on Windows, enabling domain spoofing when a user is induced to perform specific UI gestures on a crafted HTML page. The connected Fedora advisories indicate Chromium-based updates addressing this vulnerability: ...

CVSS 6.3 | AI score 5.7 | EPSS 0.00178
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2025/11/06 3:15 p.m. | 4 views

CVE-2025-36054

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This...

CVSS 6.1 | EPSS 0.00168
Exploits: 0 | References: 1
CVE
added 2025/11/06 2:11 p.m. | 12 views

CVE-2025-36054

IBM Business Automation Workflow containers (versions 24.0.0-IF006 to 24.0.0, 24.0.1-IF004, 25.0.0-IF001) and the traditional with Process Federation Server (24.0.0 to 24.0.1, 25.0.0) are affected by a cross-site scripting (CWE-79) vulnerability (CVE-2025-36054). An unauthenticated attacker can i...

CVSS 6.1 | AI score 6.1 | EPSS 0.00168
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2025/11/06 2:11 p.m. | 5 views

CVE-2025-36054 Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server -

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This...

CVSS 6.1 | EPSS 0.00168
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/11/06 10:20 a.m. | 5 views

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server - CVE-2025-36054

Summary: IBM Business Automation Workflow Process Federation Server is vulnerable to a Cross-site scripting attack. Vulnerability Details: CVEID: CVE-2025-36054. DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker...

CVSS 6.1 | AI score 5.9 | EPSS 0.00168
Exploits: 0 | Affected Software: 2
Positive Technologies
added 2025/11/06 12:0 a.m. | 6 views

PT-2025-45182

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow containers versions 24.0.0 through 24.0.0-IF006; IBM Business Automation Workflow containers versions 24.0.1 through 24.0.1-IF004; IBM Business Automation Workflow containers versions 25.0.0 through 25.0.0-IF001...

CVSS 6.1 | AI score 6.1 | EPSS 0.00168
Exploits: 0 | References: 4
OSV
added 2025/11/05 5:15 p.m. | 0 views

CVE-2025-20375

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a...

CVSS 7.2 | AI score 6
Exploits: 0 | References: 1
NVD
added 2025/11/05 5:15 p.m. | 3 views

CVE-2025-20375

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a...

CVSS 7.2 | EPSS 0.00321
Exploits: 0 | References: 1
NVD
added 2025/11/05 5:15 p.m. | 4 views

CVE-2025-20376

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a...

CVSS 7.2 | EPSS 0.0039
Exploits: 0 | References: 1
NVD
added 2025/11/05 5:15 p.m. | 3 views

CVE-2025-20374

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this...

CVSS 4.9 | EPSS 0.00926
Exploits: 0 | References: 1
OSV
added 2025/11/05 5:15 p.m. | 4 views

CVE-2025-20374

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this...

CVSS 4.9 | AI score 5.9
Exploits: 0 | References: 1