🚨 CVE-2025-1647
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.
🎖@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.
🎖@cveNotify
Herodevs
Vulnerability Directory | CVE-2025-1647 | Bootstrap | HeroDevs
Patch CVE-2025-1647 immediately to secure your systems from critical vulnerabilities. Protect your applications and prevent exploits with the latest updates and fixes—don’t wait, act now!
🚨 CVE-2025-1499
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.
🎖@cveNotify
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.
🎖@cveNotify
🚨 CVE-2025-25044
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
🎖@cveNotify
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
🎖@cveNotify
Ibm
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
There is a vulnerability in a Open Source Software (OSS) component consumed by IBM Planning Analytics Workspace. Additionally, IBM Planning Analytics Workspace is vulnerable to Cross-site scripting, Path Traversal, Session Fixation vulnerabilities. This Security…
🚨 CVE-2025-2896
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
🎖@cveNotify
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
🎖@cveNotify
Ibm
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
There is a vulnerability in a Open Source Software (OSS) component consumed by IBM Planning Analytics Workspace. Additionally, IBM Planning Analytics Workspace is vulnerable to Cross-site scripting, Path Traversal, Session Fixation vulnerabilities. This Security…
🚨 CVE-2025-33004
IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.
🎖@cveNotify
IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.
🎖@cveNotify
Ibm
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
There is a vulnerability in a Open Source Software (OSS) component consumed by IBM Planning Analytics Workspace. Additionally, IBM Planning Analytics Workspace is vulnerable to Cross-site scripting, Path Traversal, Session Fixation vulnerabilities. This Security…
🚨 CVE-2025-33005
IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
🎖@cveNotify
IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
🎖@cveNotify
Ibm
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
There is a vulnerability in a Open Source Software (OSS) component consumed by IBM Planning Analytics Workspace. Additionally, IBM Planning Analytics Workspace is vulnerable to Cross-site scripting, Path Traversal, Session Fixation vulnerabilities. This Security…
🚨 CVE-2025-5401
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php of the component GET Parameter Handler. The manipulation of the argument p_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php of the component GET Parameter Handler. The manipulation of the argument p_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Report/blogbook/BlogBook post.php p_id Parameter SQL Injection.md at main · rllvusgnzm98/Report
Contribute to rllvusgnzm98/Report development by creating an account on GitHub.
🚨 CVE-2022-37620
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.
🎖@cveNotify
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.
🎖@cveNotify
GitHub
html-minifier/src/htmlminifier.js at 51ce10f4daedb1de483ffbcccecc41be1c873da2 · kangax/html-minifier
Javascript-based HTML compressor/minifier (with Node.js support) - kangax/html-minifier
🚨 CVE-2025-40908
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
🎖@cveNotify
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
🎖@cveNotify
GitHub
"LoadFile" uses 2-args open, allowing to truncate existing files · Issue #120 · ingydotnet/yaml-libyaml-pm
#! /usr/bin/env perl # # Short description for test-YAML-XS.pl # # Version 0.0.1 # Copyright (C) 2025 Shlomi Fish < https://www.shlomifish.org/ > # # Licensed under the terms of the MIT licen...
🚨 CVE-2025-5402
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/includes/edit_post.php of the component GET Parameter Handler. The manipulation of the argument edit_post_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/includes/edit_post.php of the component GET Parameter Handler. The manipulation of the argument edit_post_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Report/blogbook/BlogBook posts.php edit_post p_id Parameter SQL Injection.md at main · rllvusgnzm98/Report
Contribute to rllvusgnzm98/Report development by creating an account on GitHub.
🚨 CVE-2025-5403
A vulnerability classified as critical has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This affects an unknown part of the file /admin/view_all_posts.php of the component GET Parameter Handler. The manipulation of the argument post_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability classified as critical has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This affects an unknown part of the file /admin/view_all_posts.php of the component GET Parameter Handler. The manipulation of the argument post_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Report/blogbook/BlogBook posts.php delete_post delete Parameter SQL Injection.md at main · rllvusgnzm98/Report
Contribute to rllvusgnzm98/Report development by creating an account on GitHub.
🚨 CVE-2025-5404
A vulnerability classified as problematic was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This vulnerability affects unknown code of the file /search.php of the component GET Parameter Handler. The manipulation of the argument Search leads to denial of service. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability classified as problematic was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This vulnerability affects unknown code of the file /search.php of the component GET Parameter Handler. The manipulation of the argument Search leads to denial of service. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Report/blogbook/BlogBook search.php search Parameter SQL Injection.md at main · rllvusgnzm98/Report
Contribute to rllvusgnzm98/Report development by creating an account on GitHub.
🚨 CVE-2025-5405
A vulnerability, which was classified as problematic, has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This issue affects some unknown processing of the file /post.php. The manipulation of the argument comment_author/comment_email/comment_content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability, which was classified as problematic, has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This issue affects some unknown processing of the file /post.php. The manipulation of the argument comment_author/comment_email/comment_content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Report/blogbook/BlogBook post.php Stored Cross-Site Scripting (XSS) in Comment Functionality Leading to Admin and User Account…
Contribute to rllvusgnzm98/Report development by creating an account on GitHub.
🚨 CVE-2025-5406
A vulnerability, which was classified as critical, was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. Affected is an unknown function of the file /admin/posts.php?source=add_post. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability, which was classified as critical, was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. Affected is an unknown function of the file /admin/posts.php?source=add_post. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Report/blogbook/BlogBook posts.php add_post post_image Parameter Unrestricted Upload.md at main · rllvusgnzm98/Report
Contribute to rllvusgnzm98/Report development by creating an account on GitHub.
🚨 CVE-2025-5407
A vulnerability has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register_script.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register_script.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Report/blogbook/BlogBook Stored XSS in User Registration via fullname Parameter Leading to Admin Account Takeover.md at main ·…
Contribute to rllvusgnzm98/Report development by creating an account on GitHub.
🚨 CVE-2025-5408
A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The manipulation of the argument login_page leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The manipulation of the argument login_page leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
🚨 CVE-2025-5409
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The identifier of the patch is db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
🎖@cveNotify
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The identifier of the patch is db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
🎖@cveNotify
GitHub
GitHub - Stolichnayer/mist-ce-account-takeover: Mist CE ≤ v4.7.1 contains a critical Broken Access Control vulnerability, allowing…
Mist CE ≤ v4.7.1 contains a critical Broken Access Control vulnerability, allowing unauthenticated attackers to generate arbitrary API tokens and take over user accounts. - Stolichnayer/mist-ce-acc...
🚨 CVE-2025-5410
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is identified as db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
🎖@cveNotify
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is identified as db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
🎖@cveNotify
GitHub
GitHub - Stolichnayer/mist-ce-csrf: Mist CE ≤ v4.7.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the admin's…
Mist CE ≤ v4.7.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the admin's "switch user" operation, allowing attackers to perform unauthorized actions. - S...
🚨 CVE-2025-5411
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic. This issue affects the function tag_resources of the file src/mist/api/tag/views.py. The manipulation of the argument tag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is named db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
🎖@cveNotify
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic. This issue affects the function tag_resources of the file src/mist/api/tag/views.py. The manipulation of the argument tag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is named db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
🎖@cveNotify
GitHub
GitHub - Stolichnayer/mist-ce-xss: Mist CE ≤ v4.7.1 contains a Stored Cross-Site Scripting (XSS) vulnerability in the tag field…
Mist CE ≤ v4.7.1 contains a Stored Cross-Site Scripting (XSS) vulnerability in the tag field, allowing attackers to inject and execute malicious JavaScript. - Stolichnayer/mist-ce-xss
🚨 CVE-2025-5412
A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument return_to leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The name of the patch is db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
🎖@cveNotify
A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument return_to leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The name of the patch is db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
🎖@cveNotify
GitHub
GitHub - Stolichnayer/mist-ce-open-redirect: Mist CE ≤ v4.7.1 contains an Open Redirect vulnerability, allowing attackers to redirect…
Mist CE ≤ v4.7.1 contains an Open Redirect vulnerability, allowing attackers to redirect users to malicious sites or execute XSS attacks. - Stolichnayer/mist-ce-open-redirect
🚨 CVE-2025-5420
A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
report/juzawebcms/3.4.2/juzawebcms_avatar_xss.md at main · Cyber-Wo0dy/report
Contribute to Cyber-Wo0dy/report development by creating an account on GitHub.