KLA87233 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in V8 can be...

CVE-2025-33082

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-33083

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-0656

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-0656 IBM Concert Software cross-site scripting

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-0656

IBM Concert Software 1.0.0–1.1.0 is affected by CVE-2025-0656: an unauthenticated attacker can inject arbitrary JavaScript into the Web UI via cross-site scripting, potentially exposing credentials in a trusted session. Root cause: insufficient input handling in the Web UI that allows script inje...

CVE-2025-33083 IBM Concert Software cross-site scripting

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-33083 IBM Concert Software cross-site scripting

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

PT-2025-35489

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0 Description: IBM Concert Software is susceptible to cross-site scripting. An unauthenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering functionality and...

CVE-2025-52219

SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection...

CVE-2025-52217

SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...

CVE-2025-0092

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-35113

Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31...

CVE-2024-49790

IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

Linux Distros Unpatched Vulnerability : CVE-2024-9773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starti...

Linux Distros Unpatched Vulnerability : CVE-2025-3073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gesture...

CVE-2025-55202

Opencast has a path traversal vulnerability in the UI configuration module present in version 18.0 and in prior 17.7 versions. The root cause is insufficient path validation where the file separator check is not applied, potentially allowing access to files in a different folder that shares a pre...

CVE-2025-55202 Opencast has a partial path traversal vulnerability in UI config

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

GHSA-HQ8M-V68G-8CF8 Opencast has a partial path traversal vulnerability in UI config

The protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the...

PT-2025-35228

Name of the Vulnerable Software and Affected Versions Opencast versions prior to 17.7 Opencast version 18.0 Description Opencast is a platform for managing educational audio and video content. Insufficient protections against path traversal attacks in the UI config module could allow attackers...