0
CVE-2023-53898 - Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Configuration
Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads into the application copyright text to execute arbitrary JavaScript in victims' browsers.
0
CVE-2023-53897 - Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Comments
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads into project task comments to execute arbitrary JavaScript in victims' browsers.
9.3
CVE-2023-53894 - phpfm 1.7.9 Authentication Bypass via Type Juggling Vulnerability
phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting a loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.
8.5
CVE-2025-68130 - tRPC has possible prototype pollution in `experimental_nextAppDirCaller`
tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in `@trpc/server`'s `formDataToObject` function, which is used by the Next.js App Router …
8.9
CVE-2025-68116 - FileRise vulnerable to Cross-Site Scripting (XSS) in SVG File Handling
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to stored cross-site scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG (primary) o…
6.5
CVE-2025-59935 - GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch.
10
CVE-2025-37164 -
A remote code execution issue exists in HPE OneView.
6.1
CVE-2025-10450 - Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Prof…
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic. This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.2.0 before 7.3.1.
5.4
CVE-2025-68269 -
In JetBrains IntelliJ IDEA before 2025.3, a missing confirmation allowed opening of untrusted remote projects over SSH.
5.4
CVE-2025-68268 -
In JetBrains TeamCity before 2025.11.1, reflected XSS was possible on the storage settings page.