Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk through 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose s ...
July 22, 2025
A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn) through 2025-05-27, allowing attackers to hijack accounts through stolen JWT...
July 22, 2025
github.com/filebrowser/filebrowser is vulnerable to Improper Session Expiration. The vulnerability is due to the authentication system issuing long-lived JWT tokens that remain valid even after user lo ...
July 22, 2025
Summary: The NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for ...
July 21, 2025
Summary: The NodeJS version of HAX CMS uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authentication checks. Details ...
July 21, 2025
Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: t ...
July 21, 2025