7.7

CVSS3.1

CVE-2025-0555 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions.

📅 Published: March 3, 2025, 4:02 p.m. 🔄 Last Modified: March 4, 2025, 4:50 p.m.

6.4

CVSS4.0

CVE-2025-27417 - WeGIA Contains a Stored Cross-Site Scripting (XSS) in 'adicionar_status_atendido.php' via the 'stat…

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_status_atendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in…

📅 Published: March 3, 2025, 4:01 p.m. 🔄 Last Modified: April 11, 2025, 7:11 p.m.

4.8

CVSS3.1

CVE-2025-27099 - Tuleap allows XSS via the tracker names used in the semantic timeframe deletion message

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other trackers could use this vu…

📅 Published: March 3, 2025, 3:54 p.m. 🔄 Last Modified: July 10, 2025, 4:48 p.m.

5.4

CVSS3.1

CVE-2025-27094 - Tuleap allows default values to be cleared from field configuration

Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute fo…

📅 Published: March 3, 2025, 3:51 p.m. 🔄 Last Modified: July 10, 2025, 4:59 p.m.

7.5

CVSS3.1

CVE-2025-25185 - GPT Academic allows arbitrary file read by tarfile uncompress within softlink

GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Su…

📅 Published: March 3, 2025, 3:33 p.m. 🔄 Last Modified: July 12, 2025, 3:26 p.m.

7.5

CVSS3.1

CVE-2024-41771 - IBM Engineering Requirements Management DOORS Next information disclosure

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

📅 Published: March 3, 2025, 3:29 p.m. 🔄 Last Modified: Sept. 1, 2025, 1:11 a.m.

7.5

CVSS3.1

CVE-2024-41770 - IBM Engineering Requirements Management DOORS Next information disclosure

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

📅 Published: March 3, 2025, 3:28 p.m. 🔄 Last Modified: Sept. 1, 2025, 1:11 a.m.

8.8

CVSS3.1

CVE-2024-43169 - IBM Engineering Requirements Management DOORS Next file download

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.

📅 Published: March 3, 2025, 3:27 p.m. 🔄 Last Modified: Feb. 26, 2026, 7:09 p.m.

3.7

CVSS3.1

CVE-2025-24023 - Observable Response Discrepancy in flask-appbuilder

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.

📅 Published: March 3, 2025, 3:25 p.m. 🔄 Last Modified: July 12, 2025, 3:26 p.m.

9.8

CVSS3.1

CVE-2024-8262 - Path Traversal in Proliz Software's OBS

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Proliz Software OBS allows Path Traversal. This issue affects OBS: before 24.0927.

📅 Published: March 3, 2025, 2:25 p.m. 🔄 Last Modified: Sept. 12, 2025, 7:15 a.m.