8.7
CVE-2025-22373 - XSS, HTML and Style injection on login page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alteration of CSS Styles. This issue affects BASEC: from 14 Dec 2021.
9.3
CVE-2025-22372 - Insecure password storage in SicommNet BASEC
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are stored either in plain text or using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14 D…
5.3
CVE-2025-3571 - Fannuo Enterprise Content Management System 凡诺企业网站管理系统 cms_chip.php sql injection
A vulnerability was found in Fannuo Enterprise Content Management System 凡诺企业网站管理系统 1.1/4.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/cms_chip.php. The manipulation of the argument del leads to sql injection. The attack can be initiated remotely. T…
6.3
CVE-2024-49825 - IBM Robotic Process Automation session fixation
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 do not invalidate the session after a logout, which could allow an authenticated user to impersonate another user on the system.
5.4
CVE-2025-2475 - Unauthorized Bot Login Using Credentials
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot, which allows an attacker to log in to the bot exactly one time via normal credentials.
3.1
CVE-2025-2424 - Leaked Metadata of Deleted Files via Bookmark Creation
Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark, which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation.
5.1
CVE-2025-3570 - JamesZBL/code-projects db-hospital-drug ContentController.java save cross site scripting
A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0. It has been classified as problematic. This affects the function Save of the file ContentController.java. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely.…
7.1
CVE-2025-2161
Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup.
8.1
CVE-2025-2160
Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup.
5.3
CVE-2025-3569 - JamesZBL/code-projects db-hospital-drug ShiroConfig.java improper authorization
A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ShiroConfig.java. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclos…