Security Vulnerabilities
PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-22
MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-22
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter.
CVSS Score
9.6
EPSS Score
0.002
Published
2025-12-22
Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-22
Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-22
Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-22
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-12-22
MyNET up to v26.08 was discovered to contain a Reflected cross-site scripting (XSS) vulnerability via the msgtipo parameter.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-22
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth certificate to connect. Admins can then set more restricted access to specific certificates. A logic error caused this admin CLI command to be run on each restart of the container instead of only the first startup as intended resetting the configuration to "allowany".
CVSS Score
4.7
EPSS Score
0.0
Published
2025-12-22
MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-22