Total: 12 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-30203 | | | 2025-04-01 | N/A | 4.8 MEDIUM |
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over a used RSS feed could use this vulnerability to force victims to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742562878 and Tuleap Enterprise Edition 16.5-5 and 16.4-8. | |||||
CVE-2025-25334 | | | 2025-02-28 | N/A | 5.5 MEDIUM |
An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted link. | |||||
CVE-2025-25331 | | | 2025-02-28 | N/A | 5.5 MEDIUM |
An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user information via supplying a crafted link. | |||||
CVE-2025-25330 | | | 2025-02-28 | N/A | 5.5 MEDIUM |
An issue in Boohee Technology Boohee Health iOS 13.0.13 allows attackers to access sensitive user information via supplying a crafted link. | |||||
CVE-2025-25329 | | | 2025-02-28 | N/A | 5.5 MEDIUM |
An issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
CVE-2025-25326 | | | 2025-02-28 | N/A | 5.5 MEDIUM |
An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
CVE-2025-25325 | | | 2025-02-28 | N/A | 5.5 MEDIUM |
An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
CVE-2025-25324 | | | 2025-02-28 | N/A | 5.5 MEDIUM |
An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
CVE-2025-25323 | | | 2025-02-28 | N/A | 5.5 MEDIUM |
An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
CVE-2024-42184 | | | 2025-01-23 | N/A | 2.5 LOW |
BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme. | |||||
CVE-2023-30959 | 1 Palantir | 1 Apollo Autopilot | 2024-11-21 | N/A | 4.1 MEDIUM |
In Apollo change requests, comments added by users could contain a javascript URI link that, when rendered, will result in an XSS that requires user interaction. | |||||
CVE-2024-45045 | 2 Collabora, Google | 2 Online, Android | 2024-09-03 | N/A | 6.1 MEDIUM |
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via URL-encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform app store. There are no known workarounds for this vulnerability. |