8007 matches found
Microsoft Edge for Android Security Vulnerability
Microsoft Edge is a web browser from Microsoft that ships with Windows 10 and later. A spoofing vulnerability exists in Microsoft Edge (Chromium-based) for Android. It stems from insufficient user interface warnings for dangerous operations and can be exploited by an attacker to cause a network...
PT-2025-44691
Name of the Vulnerable Software and Affected Versions: Chromium (affected versions not specified). Description: A flaw exists in Google Chrome that could allow attackers to impact the system. The issue involves an incorrect security UI in SplitView. Recommendations: At the moment, there is no informati...
BIT-NIFI-2020-9491
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However, intracluster communication such as cluster request replication, Site-to-Site, and load balanced...
CVE-2025-36125
IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2025-54111
Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally...
IBM WebSphere Application Server Liberty 17.0.0.3 < 25.0.0.8 Stored Cross-Site Scripting (7242026)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a stored cross-site scripting vulnerability as referenced in the 7242026 advisory: - IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting...
CVE-2025-8681 Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component
Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role...
CVE-2025-8681
The CVE-2025-8681 entry describes a Stored XSS vulnerability in Pega Platform UI components affecting versions 7.1.0 through Infinity 24.2.2. A high-privilege user with a developer role is required to exploit. The issue stems from a stored XSS flaw in the user interface component, enabling inject...
Pegasystem Pega Platform Security Vulnerability
Pegasystem Pega Platform is an application development platform from the American company Pegasystem. The platform is used to develop applications such as BPM (Business Process Management), Case Management, Real-Time Decision Making and CRM (Customer Relationship Management). A security...
PT-2025-54576
Name of the Vulnerable Software and Affected Versions: Google Chrome (affected versions not specified). Description: A flaw exists in the Split View component of the Google Chrome browser related to errors in how information is presented in the user interface. Remote exploitation of this issue could...
Linux Distros Unpatched Vulnerability : CVE-2014-4467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attacker...
Linux Distros Unpatched Vulnerability : CVE-2020-10944
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2023-23549
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation in Checkmk 2.2.0p15, 2.1.0p37, =2.0.0p39 allows privileged attackers to cause partial denial of service of the UI via too long...
CVE-2025-36125
CVE-2025-36125 (IBM HMC - Power) affects IBM Hardware Management Console for Power versions 10.3.1050.0 and 11.1.1110.0. It is a stored cross-site scripting vulnerability (CWE-79) that allows an authenticated user to inject arbitrary JavaScript into the Web UI, potentially leading to credentials ...
CVE-2025-57539
A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authenticated users to store malicious input. The payload is rendered unsafely in the Web UI and executed when viewed by other users, potentially...
CVE-2025-54913
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally...
CVE-2025-54111 Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability
...
CVE-2025-54111
CVE-2025-54111 is documented in the connected materials with concrete details: it involves a use-after-free in Windows UI XAML Phone DatePickerFlyout that can allow an attacker to elevate privileges locally. The NCSC-2025-0277 listing assigns a high severity (CVSS ~7.8–7.8 range) to CVE-2025-5411...