8014 matches found
Malicious code in leafygreen-ui (npm)
--- -= Per source details. Do not edit below this line.=-...
Cubro EXA48200 Security Vulnerability
Cubro EXA48200 is an advanced network packet broker from Cubro. A security vulnerability exists in the Cubro EXA48200 that stems from improper access control of the /api/user/users interface that allows elevated privileges...
CVE-2025-20116
A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the drag-drop action on the Web-UI. An attacker can execute arbitrary JavaScript with the same privileges as the user by tricking them into dragging a maliciously-named, zero-byte file into the interface...
PT-2025-7809 · Copyparty · Copyparty
Name of the Vulnerable Software and Affected Versions: copyparty versions prior to 1.16.15 Description: The issue is a DOM-based cross-site scripting vulnerability. It can be triggered by handing someone a maliciously-named file and then tricking them into dragging the file into copyparty's Web-U...
The vulnerability of the user interface of Windows operating systems allows a hacker to hide files that have been decompressed from a specially created archive from users’ sight.
The vulnerability of Windows operating systems’ user interfaces is related to the improper handling of file attributes. Exploiting this vulnerability can allow attackers to hide files that have been decompressed from a specially crafted archive from users’ sight...
The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...
CVE-2024-57049
A vulnerability in the TP-Link Archer c20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the request, it will be recognized as passing...
IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-04170)
IBM ApplinX is an International Business Machines (IBM) product focused on converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX version 11.1. The vulnerability stems from the application's lack of effective filtering and...
Dell Avamar Access Token Reuse Vulnerability
Dell Avamar is a data backup and recovery solution from Dell that focuses on providing organizations with efficient and flexible data protection services that support physical, virtual and cloud environments. Dell Avamar suffers from an access token reuse vulnerability that stems from the inclusi...
Huawei HarmonyOS and EMUI ffrt module out-of-bounds read vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. An out-of-bounds read vulnerability exists in the Huaw...
The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...
The vulnerability of the graphical user interface of the FortiSandbox threat detection and mitigation system allows a perpetrator to execute cross-site scripting attacks.
The vulnerability of the graphical user interface of the FortiSandbox threat detection and mitigation system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending special...
The vulnerability of the Microsoft Outlook for Android client, related to information representation errors in the user interface, allows a hacker to perform spear-phishing attacks.
The vulnerability of the Microsoft Outlook for Android client is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...
The vulnerability of the graphical user interface of the FortiSIEM security management system allows attackers to perform cross-site scripting attacks.
The vulnerability of the graphical user interface of the FortiSIEM security management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows attackers to perform cross-site scripting attacks by sending specially crafted HTTP requests...
The vulnerability of the user interface of Kubernetes Rancher cluster management software allows an attacker to perform XSS attacks.
The vulnerability of the user interface of Kubernetes Rancher cluster management software is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
Progress Telerik UI Path Traversal Vulnerability
Progress Telerik UI is a suite of user interface (UI) controls for application development from Progress, Inc. A path traversal vulnerability exists in Progress Telerik UI prior to version 2025 Q1, which stems from the fact that the use of improper destination path restrictions could result in the...
The vulnerability of the UI components in operating systems such as visionOS, iOS, iPadOS, macOS, and the Safari browser allows attackers to gain unauthorized access to confidential data.
The vulnerability of the UI components in operating systems such as visionOS, iOS, iPadOS, macOS, and the Safari browser is related to an improper limitation on the layers of the user interface that can be displayed. Exploiting this vulnerability may allow a remote attacker to gain unauthorized...
Astra Linux – Vulnerability in Zabbix
Setting the SMS media allows for setting the GSM modem file. This file is later used as a Linux device. But since everything is a file for Linux, it’s possible to set another file, such as a log file. In this case, Zabbix server will attempt to communicate with it as a modem. As a result, the log...
KLA80106 Multiple vulnerabilities in Microsoft Apps
Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to gain privileges and spoof the user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft PC Manager can be exploited remotely to gain...