4.6
CVE-2025-48875 - FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of last_name and first_name during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash-message when the data is deleted…
4.6
CVE-2025-48489 - FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180.
6
CVE-2025-48487 - FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit XSS vulnerability. This issue has been patched in version 1.8.180.
6.1
CVE-2025-48486 - FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripting (XSS) vulnerability is caused by the lack of input validation and sanitization in both \Session::flash and __, allowing user input to be executed without proper filtering. This issue ha…
6.1
CVE-2025-48485 - FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an arbitrary customer. …
9.1
CVE-2025-48865 - Fabio allows HTTP clients to manipulate custom headers it adds
Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-For…
8.6
CVE-2025-48492 - GetSimple CMS RCE in Edit component
GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to …
5.3
CVE-2025-48889 - Gradio Allows Unauthorized File Copy via Path Manipulation
Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any…
6.1
CVE-2025-4429 - WordPress Gearside Developer Dashboard <= 1.0.72 - Reflected XSS
The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
8.6
CVE-2025-41235 - Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.