CVE-2025-57769 FreshRSS: Clickjacking can lead to XSS and/or privilege escalation
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possibl...
PT-2025-39830
Name of the Vulnerable Software and Affected Versions: IBM License Metric Tool versions 9.2.0 through 9.2.40. Description: The software is susceptible to stored cross-site scripting. An authenticated user can embed arbitrary JavaScript code within the Web UI, potentially altering functionality and...
CVE-2025-54831
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...
CVE-2025-36239
IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted...
CVE-2025-33116
IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted...
Apache Airflow security vulnerability
Apache Airflow is a set of open source platforms from the US-based Apache Foundation with the ability to create, manage and monitor workflows. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow version 3.0.3, which stems from th...
CVE-2025-20327
A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a...
CVE-2025-33116 IBM Watson Studio on Cloud Pak for Data cross-site scripting
IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted...
Vulnerabilities fixed in Cisco IOS and Cisco IOS XE Software
Cisco has fixed vulnerabilities in Cisco IOS and Cisco IOS XE Software. The vulnerabilities include several issues, including a buffer overflow in the command-line interface (CLI) that can lead to unexpected device restarts and a vulnerability in the TACACS+ protocol implementation that allows...
Linux Distros Unpatched Vulnerability : CVE-2025-59691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or...
PT-2025-39409
Name of the Vulnerable Software and Affected Versions: IBM Watson Studio versions 4.0 through 5.2.0 on Cloud Pak for Data. Description: An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering intended functionality and leading to credentials disclosure within a...
CVE-2025-20327
CVE-2025-20327 : Cisco IOS Software web UI vulnerability caused by improper input validation. An authenticated, low-privilege attacker can craft a URL in an HTTP request to trigger a reload and DoS. The issue affects the Cisco IOS/Web UI and has a CVSS:3.1 base score of 7.7 (Network, Low Privileg...
Cisco IOS Software Industrial Ethernet Switch Device Manager Denial of Service Vulnerability
A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a...
PT-2025-39304
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software, affected versions not specified. Description: A flaw exists in the web UI of Cisco IOS Software that may allow a remote attacker with low privileges to trigger a denial of service (DoS) condition. This is caused by improper inpu...
PT-2025-39297
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software, affected versions not specified. Description: A flaw exists in the web UI of Cisco IOS XE Software that could allow a remote attacker to perform a reflected cross-site scripting (XSS) attack. This is caused by insufficient...
GHSA-R6F3-55WJ-G9P3 WSO2 Identity Server Apps allows content spoofing in logs
A content spoofing issue exists in WSO2 Identity Server Apps, specifically in the Authentication Portal, due to improper handling of authentication error messages. When an authentication failure occurs, the portal previously accepted an authFailureMsg value supplied via URL and rendered it in the...
PT-2025-39178
Name of the Vulnerable Software and Affected Versions: WSO2 products, affected versions not specified. Description: A content spoofing issue arises from improper error message handling. Error messages are passed through URL parameters without validation, potentially allowing attackers to inject...
CVE-2025-36248
IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
CVE-2023-49367
An issue in the user interface of Kyocera Command Center RX EXOSYS M5521cdn allows a remote attacker to obtain sensitive information by inspecting packets sent by the user...