CVE-2025-36248
IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-36248
IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting (CWE-79). The issue allows an unauthenticated user to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected product/version: IBM Copy Services Manager 6.3.13...
CVE-2025-36248 IBM Copy Services Manager cross-site scripting
IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Introducing Enhanced User Interface for Qualys PCI DSS 4.0 ASV Compliant Solution
We’re excited to introduce the new Qualys PCI ASV user interface, built to deliver a smarter, faster, and more intuitive experience. The redesigned PCI ASV UI helps you simplify PCI DSS 4.0 compliance, save time, and reduce audit-related stress. This major update improves usability, streamlines...
CVE-2025-36139
IBM Lakehouse watsonx.data 2.2 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2023-49367
An issue in the user interface of Kyocera Command Center RX EXOSYS M5521cdn allows a remote attacker to obtain sensitive information by inspecting packages sent by the user...
CVE-2025-59691
CVE-2025-59691 affects PureVPN Linux clients (CLI 2.0.1 and GUI 2.10.0). The vulnerability allows IPv6 traffic to leak outside the VPN tunnel during events like Wi‑Fi reconnects or system resume, with the CLI auto-reconnect showing as connected while IPv6 isn’t routed or blocked, and the GUI leav...
CVE-2025-59691
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed or blocked. In th...
PT-2025-38437
Name of the Vulnerable Software and Affected Versions: Kyocera Command Center RX EXOSYS M5521cdn (affected versions not specified) Description: An issue in the user interface allows remote attackers to obtain sensitive information by inspecting sent packages. Recommendations: At the moment, there is n...
PT-2025-38497
Name of the Vulnerable Software and Affected Versions: PureVPN versions 2.0.1 and 2.10.0 Description: PureVPN client applications on Linux mishandle firewalling. The applications flush existing iptables rules and apply default ACCEPT policies when connecting to a VPN server, removing previously...
CVE-2025-59692
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software e.g., UFW,...
Kyocera Command Center RX EXOSYS M5521cdn Security Vulnerability
Kyocera Command Center RX EXOSYS M5521cdn is a color multifunction printer from Kyocera, USA. A security vulnerability exists in the Kyocera Command Center RX EXOSYS M5521cdn, which stems from a user interface issue, and could allow a remote attacker to obtain sensitive information by inspecting...
PureVPN Security Vulnerability
PureVPN is a VPN software from PureVPN Inc. A security vulnerability exists in the PureVPN CLI version 2.0.1 and GUI version 2.10.0, which stems from IPv6 traffic being leaked after a cyber event, potentially leading to a user privacy breach...
CVE-2023-49367
CVE-2023-49367 affects Kyocera Command Center RX EXOSYS M5521cdn. The issue is a user interface defect that allows a remote attacker to obtain sensitive information by inspecting packets sent by the user. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates a network-exposed vulner...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...
PT-2025-38142
Name of the Vulnerable Software and Affected Versions: MevzuatTR versions prior to 12.02.2025 Description: The software contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' and Improper Restriction of Rendered UI Layers or Frames issue. This allows for...
CVE-2025-47967
Insufficient UI warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network...
Denial Of Service (DoS)
pyLoad-ng is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation: the jk parameter is passed directly to dukpy.evaljs without verification, allowing crafted input to exhaust CPU resources and render the web UI unresponsive...