4565 matches found
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions, and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...
IBM Security Verify Bridge Security Vulnerability
IBM Security Verify Bridge is an application component from International Business Machines (IBM) that provides IBM Cloud access to user attributes and authentication that are controlled by the client's local LDAP or Active Directory. A security vulnerability exists in IBM Security Verify Brid...
CVE-2025-23475
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fireantology History timeline history-timeline allows Reflected XSS. This issue affects History timeline: from n/a through = 0.7.2...
2002-app-demo (>=1.0.0 <=1.2.1), 3.21lianxi (=1.0.0) +1358 more potentially affected by CVE-2025-22150 via undici (>=4.5.0 <=5.28.4)
undici NPM version =4.5.0, =1.0.0, =0.2.1, =0.5.0, =0.1.23, =3.2.4, =1.0.4, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.1, =0.1.9 and more Source cves: CVE-2025-22150 Source advisory: OSV:GHSA-C76H-2CCP-4975...
CVE-2025-22262
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WittyFolk Bonjour Bar bonjour-bar allows Stored XSS. This issue affects Bonjour Bar: from n/a through = 1.0.0...
com.farcsal.dql:query-es (=0.8.0), com.github.msarhan:elasticsearch-analysis-arabic (>=1.2.0 <=1.4.0) +11 more potentially affected by CVE-2024-43709 via org.elasticsearch:elasticsearch (>=8.0.0 <=8.13.2)
org.elasticsearch:elasticsearch MAVEN version =8.0.0, =1.2.0, =0.83.0, =7.23.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =1.6.es801.0, =8.0.0, =8.13.2 Source cves: CVE-2024-43709 Source advisory: OSV:GHSA-JGX4-7V3V-VWFM...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle USA. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle E-Business Suite versions 12.2....
Brave Browser Input Validation Error Vulnerability
Brave Browser is a fast, private and secure web browser for PC, Mac and mobile devices from Brave, Inc. An input validation error vulnerability exists in Brave Browser versions 1.70.x through 1.73.x. The vulnerability stems from the source of a site not being correctly identified in the file...
CVE-2025-23677
Cross-Site Request Forgery (CSRF) vulnerability in DSmidge HTTP to HTTPS link changer by Eyga.net https-links-in-content allows Stored XSS. This issue affects HTTP to HTTPS link changer by Eyga.net: from n/a through = 0.2.4...
CVE-2025-23456
Cross-Site Request Forgery (CSRF) vulnerability in Oddthinking EmailShroud emailshroud allows Reflected XSS. This issue affects EmailShroud: from n/a through = 2.2.1...
CVE-2025-23533
CVE-2025-23533 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP Lyrics that enables a Stored XSS. The Red Hat entry and related records describe the issue as affecting WP Lyrics: from n/a through 0.4.1. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,...
PT-2025-5169 · Annie · Annie
Name of the Vulnerable Software and Affected Versions: Annie versions n/a through 2.1.1. Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts into...
PMB platform Security Vulnerability
PMB platform is a free document management software from PMB Inc. A security vulnerability exists in PMB platform versions 4.0.10 through 4.2.13, which originated from a vulnerability that allows an attacker to keep temporary files on the server...
CVE-2025-22758
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harnani Elementor AI Addons ai-addons-for-elementor allows DOM-Based XSS. This issue affects Elementor AI Addons: from n/a through = 2.2.1...
XINJE XDPPro Security Vulnerability
XINJE XDPPro is a USB port connection programming software using PLCs from China XINJE XINJE. A security vulnerability exists in XINJE XDPPro versions 3.2.2 through 3.7.17c, which originates from an insecure privilege in the XNetSocketClient component that allows an attacker to execute arbitrary...
aldryn-django (>=4.2.10.0 <=4.2.17.0), alertwise (=1.0.0) +95 more potentially affected by CVE-2024-56374 via django (>=4.2.0 <=4.2.17)
django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =4.16.2, =4.8.0, =8.0.0, =5.2.0, =5.2.2 and more Source cves: CVE-2024-56374 Source advisory: OSV:GHSA-QCGG-J2X8-H9G8...
askbob (>=0.0.3 <=0.0.4), botstudio-sdk (>=0.0.3 <=0.0.25) +15 more potentially affected by CVE-2024-49375 via rasa (>=1.10.0 <=3.6.20)
rasa PYPI version =1.10.0, =0.0.3, =0.0.3, =0.0.3a2, =0.23.5, =1.0.2, =0.1.0, =0.2.0, =1.0.3, =0.3.0, =0.0.1a1, =0.1.0, =0.1.0, =1.0.0, =1.1.2 and more Source cves: CVE-2024-49375 Source advisory: OSV:GHSA-CPV4-GGRR-7J9V...
PT-2025-4296 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.2.0 through 0.4.0. Description: The Vyper Compiler has a vulnerability when using the precompiles EcRecover (0x1) and Identity (0x4), where the success flag of the call is not checked. This allows an attacker to provide a specific...
CVE-2024-56323
OpenFGA Open Authorization Engine (versions v1.3.8–v1.8.2; Helm openfga-0.1.38–0.2.19; docker 1.3.8–1.8.2) contains a critical authorization bypass vulnerability (CVE-2024-56323). Root cause: when a model uses conditions and contextual tuples are provided in Check or ListObjects calls, and OPENFG...
de.arbeitsagentur.opdt:keycloak-cassandra-model-tests (>=2.5.6-24.0 <=5.0.1-26.0), io.kokuwa.keycloak:keycloak-event-metrics (>=0.1.0 <=1.0.0) +8 more potentially affected by CVE-2024-11736 via org.keycloak:keycloak-quarkus-server (>=12.0.0 <=26.0.7)
org.keycloak:keycloak-quarkus-server MAVEN version =12.0.0, =2.5.6-24.0, =0.1.0, =15.1.0, =15.1.0, =21.1.0, =26.0.0, =15.1.0, =12.0.0, =12.0.0, =26.0.0, =26.0.7 Source cves: CVE-2024-11736 Source advisory: OSV:GHSA-F4V7-3MWW-9GC2...