CVE-2025-54286
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
UBUNTU-CVE-2025-54286
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
CVE-2025-54292 Client-Side Path Traversal in LXD-UI
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths...
CVE-2025-57444
An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description parameter...
SUSE CVE-2025-11208
Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-36132
IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...
Security Bulletin: IBM Watson Studio on Cloud Pak for Data is vulnerable to a cross-site scripting vulnerability
Summary: Watson Studio on Cloud Pak for Data is vulnerable to cross-site scripting within the Web UI (CVE-2025-33116). Vulnerability Details: CVEID: CVE-2025-33116. DESCRIPTION: IBM Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitra...
CVE-2025-57444
Radware AlteonOS Web UI Management (v33.0.4.50) has an authenticated XSS in the Administrative interface caused by insufficient validation of the Description parameter, enabling injection of arbitrary web scripts/HTML. Documented impact is arbitrary script execution within the authenticated user ...
PT-2025-40293
Name of the Vulnerable Software and Affected Versions: Radware AlteonOS Web UI Management version 33.0.4.50. Description: A security issue exists in the Administrative interface of Radware AlteonOS Web UI Management. An attacker with authentication can inject a crafted payload into the Description...
Radware AlteonOS Web UI Management Security Vulnerability
Radware AlteonOS Web UI Management is a web management page from Radware Israel. A security vulnerability exists in Radware AlteonOS Web UI Management version 33.0.4.50, which stems from insufficient validation of the Description parameter input and could lead to a cross-site scripting attack...
CVE-2025-57769
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possibl...
CVE-2025-36262
IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input...
CVE-2025-36262
IBM Planning Analytics Local is affected in versions 2.0.0–2.0.106 and 2.1.0–2.1.13. The issue is due to improper input validation that could allow a malicious privileged user to bypass the UI and access sensitive information. No exploit details are provided in the documents. Remediation is to up...
CVE-2025-36132 IBM Planning Analytics Local cross-site scripting
IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...
CVE-2025-23292
NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where a User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component)...
PT-2025-40023
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.0.0 through 2.0.106; IBM Planning Analytics Local versions 2.1.0 through 2.1.13. Description: A malicious privileged user may be able to bypass the user interface to obtain unauthorized access to sensitive...