38 matches found
Exploit for CVE-2025-39247
CVE-2025-39247 - Target: HikCentral Professional HCMP, c...
CVE-2026-6437
Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver aws-efs-csi-driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users...
EUVD-2022-52912
Malicious code in bioql PyPI...
CVE-2024-55456
lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell...
CVE-2024-55456
CVE-2024-55456 affects lunasvg v3.0.1 with a segmentation fault in the gray_find_cell component. Exploitation is not described in the supplied documents, but the Fedora advisories indicate that lunasvg updates (and unbundling plutovg) are needed to address the issue. Remediation guidance availabl...
Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop
Impact: There is a vulnerability in Go's handling of malformed DNS messages, which impacts Traefik. This vulnerability could be exploited to cause a denial of service. References: CVE-2024-24788. Patches: https://github.com/traefik/traefik/releases/tag/v2.11.3 -...
BIT-DISCOURSE-2023-23620 Discourse restricted tag routes leak topic information
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the stable...
Security Bulletin: Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc (CVE-2020-1751)
Summary: Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc CVE-2020-1751. Vulnerability Details: CVEID: CVE-2020-1751. DESCRIPTION: GNU glibc could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write when handling signal...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Golang (CVE-2020-24553)
Summary: Security Vulnerabilities affect IBM Cloud Pak for Data - Golang CVE-2020-24553. Vulnerability Details: CVEID: CVE-2020-24553. DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker could...
CVE-2023-0169
The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user...
CVE-2022-46087
CloudSchool v3.0.1 is affected by Cross-Site Scripting (XSS) via admin notifications, allowing a normal user to steal admin session cookies. The issue is documented with a PoC and public advisories; exploitation exists in reported PoCs. Remediation: upgrade to a version that includes a fix for th...
CVE-2022-31403
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php...
Cross site scripting
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php...
CVE-2022-31403
CVE-2022-31403 affects the IT service management platform iTop (notably v3.0.x, with the core issue reported as an XSS via /itop/pages/ajax.render.php). The Red Hat advisory confirms the existence of an XSS vulnerability in ITOP 3.0.1, with public-facing impact described as cross-site scripting. ...
CVE-2022-31402
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php...
Cross site scripting
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php...