5.3
CVE-2024-42213 - HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment
HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment. An attacker might gain access to these files through indexing, predictable URLs, or misconfigured permissions, leading to information disclosure.
3.1
CVE-2025-46720 - Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fiel…
Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable f…
5.4
CVE-2025-46719 - Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading t…
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain HTML tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be execut…
5.3
CVE-2025-46571 - Open WebUI vulnerable to limited stored XSS via uploaded HTML file
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the `/api/v1/files/` backend endpoint. This endpoint returns a file id, which can be used to open t…
5.4
CVE-2024-42212 - HCL BigFix Compliance is affected by an improper or missing SameSite attribute
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions.
5.4
CVE-2025-46559 - Misskey Directory Traversal Vulnerability in AiScript via `Mk:api`
Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious AiScr…
7.2
CVE-2025-46340 - Misskey CSS Style Injection Vulnerability In `MkUrlPreview`
Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in `UrlPreviewService` and `MkUrlPreview`, it is possible for an attacker to inject arbitrary CSS into the `MkUrlPreview` component. …
6.9
CVE-2025-4283 - SourceCodester/oretnom23 Stock Management System Login.php SQL injection
A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Login.php?f=login. The manipulation of the argument Username leads to SQL injection. The attack may be initiated remotely. Th…
2.1
CVE-2025-46553 - @misskey-dev/summaly Redirect Filter Bypass
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects…
8.6
CVE-2025-46335 - Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon U…
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of use…