Lucene search

34 matches found

Cvelist
added 2025/12/12 8:36 p.m. · 19 views

CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVSS 4.6 · EPSS 0.00159
Exploits: 0 · References: 3
Vulnrichment
added 2025/12/12 8:36 p.m. · 5 views

CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVSS 4.6 · AI score 5.8 · EPSS 0.00159
Exploits: 0 · References: 3
CNNVD
added 2025/12/12 12:0 a.m. · 5 views

CISA Software Acquisition Guide Supplier Response Web Tool Security Vulnerability

CISA Software Acquisition Guide Supplier Response Web Tool is an interactive Web tool from the CISA organization in the United States. A security vulnerability exists in versions of the CISA Software Acquisition Guide Supplier Response Web Tool prior to 2025-12-11, which stems from a cross-site...

CVSS 6.1 · AI score 6.1 · EPSS 0.00159
Exploits: 0 · References: 3
RedhatCVE
added 2025/11/11 9:30 p.m. · 6 views

CVE-2025-49145

Combodo iTop is a web-based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks (mostly administrators) can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...

CVSS 8.7 · AI score 6.6 · EPSS 0.00263
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-15961

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.00453
Exploits: 1 · References: 3
GithubExploit
added 2025/08/28 4:8 p.m. · 129 views

trashhost

xss tool and sqli detector...

AI score 7.1
Exploits: 0
RedhatCVE
added 2025/05/22 12:20 a.m. · 8 views

CVE-2025-44897

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip parameter in the web_tool_upgradeManager_post function...

CVSS 9.8 · AI score 7.9 · EPSS 0.00453
Exploits: 1 · References: 1
NVD
added 2025/05/20 9:15 p.m. · 13 views

CVE-2025-44897

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip parameter in the web_tool_upgradeManager_post function...

CVSS 9.8 · EPSS 0.00453
Exploits: 1 · References: 1
Vulnrichment
added 2025/05/20 12:0 a.m. · 9 views

CVE-2025-44897

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip parameter in the web_tool_upgradeManager_post function...

AI score 7.8 · EPSS 0.00453
Exploits: 1 · References: 1
CVE
added 2025/05/20 12:0 a.m. · 53 views

CVE-2025-44897

The CVE-2025-44897 issue affects FW-WGS-804HPT v1.305b241111, with a stack overflow discovered in the bytftp_srvip parameter of the web_tool_upgradeManager_post function. Reported CVSSv3.1 is 9.8 (CRITICAL) with NETWORK attack vector, no user interaction, and impacts to confidentiality, integrity...

CVSS 9.8 · AI score 8.1 · EPSS 0.00453
Exploits: 1 · References: 1 · Affected Software: 1
NVD
added 2025/05/14 4:15 p.m. · 19 views

CVE-2025-24969

iTop is a web-based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contact's picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue...

CVSS 5 · EPSS 0.00229
Exploits: 0 · References: 1
NVD
added 2025/05/14 3:15 p.m. · 13 views

CVE-2025-24785

iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layoutclass before saving th...

CVSS 4.3 · EPSS 0.00239
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/20 12:0 a.m. · 4 views

PT-2025-22306 · Unknown · Fw-Wgs-804Hpt

Name of the Vulnerable Software and Affected Versions: FW-WGS-804HPT version 1.305b241111. Description: A stack overflow issue was discovered via the bytftp_srvip parameter in the web_tool_upgradeManager_post function. Recommendations: For FW-WGS-804HPT version 1.305b241111, consider disabling the...

CVSS 9.8 · AI score 6.8 · EPSS 0.00453
Exploits: 1 · References: 5
BDU FSTEC
added 2024/11/26 12:0 a.m. · 5 views

The vulnerability of the Butterfly web application development tool lies in the improper restriction on the path to the restricted catalog, which allows a hacker to perform an SSRF attack.

The vulnerability of the Butterfly web application development tool is related to an incorrect limitation on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...

CVSS 9.4 · AI score 7.7 · EPSS 0.01602
Exploits: 1 · References: 4 · Affected Software: 1
BDU FSTEC
added 2024/04/26 12:0 a.m. · 3 views

The vulnerability in the iTop web tool for managing IT services arises from an incorrect limitation on the path to the restricted access catalog, allowing a perpetrator to disclose protected information.

The vulnerability of the iTop IT service management web tool is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

CVSS 5 · AI score 5.5 · EPSS 0.00684
Exploits: 1 · References: 5 · Affected Software: 1
HackRead
added 2024/03/18 1:20 p.m. · 20 views

Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted

By Waqas. Cyber Warfare Takes Flight: Geopolitics Fuel Attacks on Airlines - Dark Web Tool Aims at E-commerce!

AI score 7.3
Exploits: 0
BDU FSTEC
added 2024/03/18 12:0 a.m. · 5 views

The vulnerability of the web-based collaboration tool for planning, creating, managing, and executing tests at all stages of the IBM Engineering Test Management cycle exists due to the lack of protective measures for the website structure. This allows attackers to execute arbitrary JavaScript code.

The vulnerability of the web-based collaboration tool for planning, creating, managing, and executing tests at all stages of the development cycle in IBM Engineering Test Management exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a...

CVSS 6.4 · AI score 6.9 · EPSS 0.00303
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2023/10/18 12:0 a.m. · 2 views

Torbot Security Vulnerabilities

TorBot is an open source intelligence tool for the dark web. Torbot has a security vulnerability. An attacker exploits the vulnerability to cause an application to crash using specially crafted parameters...

CVSS 7.5 · AI score 6.8 · EPSS 0.00797
Exploits: 1 · References: 3
BDU FSTEC
added 2023/09/26 12:0 a.m. · 5 views

The vulnerability of the unserialize() function in the PostgreSQL administration web tool phpPgAdmin allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the unserialize function in the phpPgAdmin web administration tool for PostgreSQL is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

CVSS 10 · AI score 7.8 · EPSS 0.01097
Exploits: 0 · References: 5 · Affected Software: 1
CNNVD
added 2023/01/10 12:0 a.m. · 4 views

Siemens SINEC NMS Command Injection Vulnerability

SINEC INS Infrastructure Network Services is a web-based application that combines various network services in a single tool. This simplifies the installation and management of all network services related to industrial networks. A command injection vulnerability exists in Siemens SINEC INS, which...

CVSS 8.8 · AI score 8.5 · EPSS 0.01382
Exploits: 0 · References: 2