CVE-2025-52217

SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...

CVE-2025-52217

SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...

CVE-2025-52219

SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection...

PT-2025-34808 · Ipfire · Ipfire

Name of the Vulnerable Software and Affected Versions: IPFire version 2.29 Description: The web-based firewall interface firewall.cgi fails to sanitize several rule parameters, including PROT, SRC PORT, TGT PORT, dnatport, key, ruleremark, src addr, std net tgt, and tgt addr. This allows an...

PT-2025-34772 · Selectzero · Selectzero Data Observability Platform

Name of the Vulnerable Software and Affected Versions: SelectZero Data Observability Platform versions prior to 2025.5.2 Description: The SelectZero Data Observability Platform is susceptible to HTML injection due to improper handling of user-supplied input in legacy UI fields. This allows for th...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows that stems from a misleading UI when handling .LNK files, which could lead to remote code execution...

SelectZero Data Observability Platform 安全漏洞

SelectZero Data Observability Platform is a data processing platform from SelectZero Estonia. A security vulnerability exists in SelectZero Data Observability Platform versions prior to 2025.5.2, which stems from an open redirection that exists in an old UI field...

CVE-2025-36042

IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-57751

pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...

CVE-2025-20131

A vulnerability in the GUI of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this...

CVE-2025-36042

IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-36042 IBM QRadar SIEM cross-site scripting

IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-36042

IBM QRadar SIEM versions 7.5 through 7.5.0 Dashboard are vulnerable to cross-site scripting (CVE-2025-36042). An authenticated user can embed arbitrary JavaScript in the Web UI, potentially altering functionality and disclosing credentials within a trusted session. The issue is tied to the Dashbo...

PT-2025-34371 · Ibm · Ibm Qradar Siem

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 Description: IBM QRadar SIEM Dashboard is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code into the Web UI, potentially altering functionality and leadin...

CVE-2025-33008

IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVE-2025-57751

pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...

CVE-2025-57751 Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...

CVE-2025-57751 Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...

CVE-2025-7221 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the giveupdatepaymentstatus function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackers,...

PT-2025-34188

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 4.5.1 Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is susceptible to unauthorized data modification. This is due to the absence of ...