PT-2025-34270 · Unknown · Aikaan IoT Management Platform
Name of the Vulnerable Software and Affected Versions: Aikaan IoT management platform version 3.25.0325-5-g2e9c59796 Description: The Aikaan IoT management platform allows unauthenticated users to register accounts via APIs, even when user sign-up is disabled through the user interface. This...
KLA86902 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, and spoof the user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...
Linux Distros Unpatched Vulnerability : CVE-2022-48197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript...
Linux Distros Unpatched Vulnerability : CVE-2017-5109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remot...
Linux Distros Unpatched Vulnerability : CVE-2017-5083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacke...
CVE-2025-55299
VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set; attackers can use this to log in with an empty password. This is combined with the fact that previously disabling the...
CVE-2025-55746
Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...
CVE-2025-55746
Directus vulnerability (CVE-2025-55746) affects Directus real-time API/dashboard. From 10.8.0 to before 11.9.3, an issue in the file update mechanism lets an unauthenticated actor modify existing files with arbitrary content and/or upload new files (with arbitrary extensions) without updating dat...
CVE-2025-55287
Genealogy is a family tree PHP application. Prior to 4.4.0, an Authenticated Stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user's session, leading to session hijacking, data theft, and UI...
CVE-2025-55288
Genealogy is a family tree PHP application. Prior to 4.4.0, an Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user's session, leading to session hijacking, data theft, and U...
CVE-2025-20131 Cisco Identity Services Engine Arbitrary File Upload Vulnerability
A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this...
CVE-2025-20131
CVE-2025-20131 affects Cisco Identity Services Engine (ISE) GUI. Root cause: improper validation of the file copy function, enabling an authenticated, remote attacker with administrative privileges to upload arbitrary files to an affected device via a crafted file upload in the ISE GUI. CVSS v3.1...
CVE-2025-33008 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...
CVE-2025-31988 HCL Digital Experience is susceptible to cross site scripting (XSS)
HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access...
MAL-2025-41385 Malicious code in gbb-kubernetes-hackfest-webui-dashboard (npm)
The package communicates with a domain associated with malicious activity...
PT-2025-33848 · IBM · IBM Sterling File Gateway +1
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator version 6.2.1.0; IBM Sterling File Gateway version 6.2.1.0 Description: IBM Sterling B2B Integrator and IBM Sterling File Gateway are susceptible to a cross-site scripting issue. An authenticated user can embed...
iDempiere WebUI 12.0.0.202508171158 Session Fixation
iDempiere WebUI version 12.0.0.202508171158 suffers from a session fixation vulnerability. The application does not issue a new session identifier (JSESSIONID) after successful authentication. An attacker who can set or predict a victim's session ID prior to login may hijack the victim's...
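The session fixation entry above describes the mechanism exactly: the pre-authentication session identifier is carried over into the authenticated session, so an identifier the attacker planted or guessed becomes a valid authenticated session once the victim logs in. The following added example, written in Python against a constructed in-memory session store (not iDempiere code, and not a description of its internals), shows a login handler that promotes the existing session in place next to one that invalidates it and issues a fresh identifier, plus the scenario a tester would run to tell them apart.

```python
import hmac
import secrets


class SessionStore:
    """Constructed in-memory session store: session id -> {"user": None | str}."""

    def __init__(self) -> None:
        self.sessions: dict[str, dict] = {}

    def new(self) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid: str):
        entry = self.sessions.get(sid)
        return None if entry is None else entry["user"]


# Constructed credentials for the example.
CREDENTIALS = {"alice": "hunter2"}


def _password_ok(username: str, password: str) -> bool:
    expected = CREDENTIALS.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


def login_vulnerable(store: SessionStore, sid: str, username: str, password: str):
    """Session fixation: the pre-login id (possibly attacker-chosen) is reused."""
    if sid not in store.sessions:
        sid = store.new()
    if not _password_ok(username, password):
        return None
    store.sessions[sid]["user"] = username  # same id, now authenticated
    return sid


def login_hardened(store: SessionStore, sid: str, username: str, password: str):
    """Rotate on privilege change: drop the old session, mint a new id."""
    if not _password_ok(username, password):
        return None
    store.sessions.pop(sid, None)  # attacker's planted id is now dead
    new_sid = store.new()
    store.sessions[new_sid]["user"] = username
    return new_sid


def fixation_scenario(login) -> tuple[bool, object]:
    """Run the classic test: attacker plants an id, victim logs in with it.

    Returns (id_reused, user_visible_to_attacker_via_planted_id).
    """
    store = SessionStore()
    planted = store.new()  # attacker obtains a valid pre-auth id
    returned = login(store, planted, "alice", "hunter2")
    return returned == planted, store.user_for(planted)


def session_rotated(cookie_before_login: str, cookie_after_login: str) -> bool:
    """Black-box check for a real target: the session cookie must change on login."""
    return cookie_before_login != cookie_after_login


if __name__ == "__main__":
    print("vulnerable:", fixation_scenario(login_vulnerable))  # (True, 'alice')
    print("hardened:  ", fixation_scenario(login_hardened))    # (False, None)
```

Against a live application the same check is done by recording the session cookie sent before the login request and comparing it with the one set in the login response; `session_rotated` is that comparison. Rotating the identifier must also happen on any other privilege change (role elevation, re-authentication), not only on the first login.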