Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0716 | 2025-04-29 | N/A | 4.8 MEDIUM | ||
| Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application's performance and behavior by using too large or slow-to-load images. This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | |||||
| CVE-2025-3841 | 2025-04-23 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
| CVE-2024-32162 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | N/A | 4.3 MEDIUM |
| CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. | |||||
| CVE-2020-36827 | 2025-03-29 | N/A | 5.4 MEDIUM | ||
| The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action. | |||||
| CVE-2024-45481 | 2025-03-27 | N/A | N/A | ||
| An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user. | |||||
| CVE-2024-27489 | 2025-03-27 | N/A | 7.5 HIGH | ||
| An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request. | |||||
| CVE-2025-2040 | 2025-03-06 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8373 | 2 Angularjs, Netapp | 2 Angular.js, Active Iq Unified Manager | 2025-02-12 | N/A | 4.8 MEDIUM |
| Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | |||||
| CVE-2024-39899 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. This vulnerability is fixed in 1.7.4. | |||||
| CVE-2024-47590 | 2024-11-12 | N/A | 8.8 HIGH | ||
| An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability. | |||||
| CVE-2024-39283 | 1 Intel | 1 Tdx Module Software | 2024-09-12 | N/A | 7.8 HIGH |
| Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||