CVE-2024-10087 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context...

CVE-2024-10087

CVE-2024-10087 concerns the Internet Starter module of SoftCOM iKSORIS, which is vulnerable to a Reflected XSS attack. The issue arises when a crafted link containing malicious script is embedded in references to other resources, causing the script to execute in the user’s context. The CVSS metri...

BIT-GITLAB-2025-25292 Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...

BIT-GIT-2024-50349 Git does not sanitize URLs when asking for credentials interactively

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...

CVE-2025-22374

A Server-Side Request Forgery SSRF vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to...

Linux Distros Unpatched Vulnerability : CVE-2025-31498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query eithe...

CVE-2025-22374

Videx CyberAudit-Web’s videx-legacy-ssl SSRF vulnerability (CVE-2025-22374) affects versions prior to 1.1.3 and is patched in 1.1.3+. The issue could allow unauthorized access to the underlying infrastructure. Documents confirm the affected component and fixed version; exploitation status is not ...

PT-2025-15971 · Videx · Videx Cyberaudit-Web

Name of the Vulnerable Software and Affected Versions: Videx CyberAudit-Web versions prior to 1.1.3 Description: A Server-Side Request Forgery SSRF vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web. This issue could lead to unauthorized access to the...

WordPress Easyfonts plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Easyfonts versions = 1.1.2...

PT-2025-15762 · Microsoft · Windows Live Writer

Name of the Vulnerable Software and Affected Versions: Windows Live Writer versions 0.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...

CVE-2025-32017

CVE-2025-32017 – Umbraco CMS : A path traversal vulnerability in the management API allows authenticated backoffice users to upload files to unintended locations in Umbraco 14+ installations. Root cause is insufficient validation in the management API, enabling uploads to incorrect paths. Affecte...

PT-2025-15311 · Unknown · Hailey888 Oa System

Name of the Vulnerable Software and Affected Versions: hailey888 oa system versions up to 2025.01.01 Description: A vulnerability has been found in the function outAddress of the file cn/gson/oass/controller/address/AddrController.java of the component Backend. The manipulation of the argument...

PT-2025-15913 · Sonicwall · Sonicwall Netextender

Name of the Vulnerable Software and Affected Versions: SonicWall NetExtender versions affected versions not specified Description: A local privilege escalation vulnerability in the SonicWall NetExtender Windows client allows an attacker to trigger an arbitrary file deletion. This issue is related...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-21538]

Summary Node.js module cross-spawn is used by IBM App Connect Enterprise Certified Container when handling internal metrics. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability ...

PT-2025-15276 · Unknown · Pcman Ftp Server

Name of the Vulnerable Software and Affected Versions: PCMan FTP Server version 2.0.7 Description: A critical issue was found in the EPSV Command Handler component, which can be exploited remotely. The manipulation leads to a buffer overflow. The issue has been publicly disclosed. Recommendations...

CVE-2025-31487

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

GHSA-WC53-4255-GW3F The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server

Impact If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the...

PT-2025-14880 · Unknown · Phpgurukul Online Fire Reporting System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Fire Reporting System version 1.2 Description: A critical issue has been found in the PHPGurukul Online Fire Reporting System. The problem affects some unknown functionality of the file /admin/search.php. The manipulation of...

PT-2025-14860 · Unknown · Phpgurukul E-Diary Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul e-Diary Management System version 1.0 Description: A critical issue affects an unknown part of the /password-recovery.php file. The manipulation of the username or contactno argument leads to SQL injection. It is possible to initia...

wonderwork.ucoz.com Cross Site Scripting vulnerability OBB-4042103

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...