3 matches found
CVE-2025-34281
ThingsBoard vulnerability CVE-2025-34281 affects pre-4.2.1 releases. An authenticated user can upload malicious SVGs via the Image Gallery, enabling Stored XSS when the image is loaded by a browser (e.g., through public API access or iframe embedding during widget creation/deployment on dashboard...
AZL-34807 CVE-2023-51257 affecting package jasper for versions less than 4.2.1-1
An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code...
HylaFAX < 4.2.1 Remote Access Control Bypass
Binary data 2517.prm...