CVE-2024-30114 – HCL Leap Cross-Site Scripting (XSS)

April 24, 2025

CVE ID : CVE-2024-30114

Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : Insufficient sanitization in HCL Leap allows
client-side script injection in the authoring environment.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-43858 – YouTubeDLSharp Windows Command Injection Vulnerability

Next Article CVE-2025-31324 – SAP NetWeaver Unauthenticated Remote Code Execution

Highlights

CVE-2025-48936 – Zitadel Host Header Injection Vulnerability

May 30, 2025

CVE ID : CVE-2025-48936

Published : May 30, 2025, 7:15 a.m. | 2 hours, 14 minutes ago

Description : Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. If an attacker can manipulate these headers (e.g., via host header injection), they could cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code could then be used to reset the user’s password and gain unauthorized access to their account. This specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled. This issue has been patched in versions 2.70.12, 2.71.10, and 3.2.2.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

6 registry tweaks every tech-savvy user must apply on Windows 11

Here’s why network infrastructure is vital to maximizing your company’s AI adoption

The AI video tool behind the most viral social trends right now

Got a new password manager? How to clean up the password mess you left in the cloud

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

User calls Windows 11 “pure horror,” Microsoft says it’s listening to feedback

John the Ripper is an advanced offline password cracker

CVE-2024-30114 – HCL Leap Cross-Site Scripting (XSS)

Microsoft Defender for Identity Flaw (CVE-2025-26685) Allows Unauthenticated Privilege Escalation

The Anatomy of an RCE Attack : The Hacker’s Big Score

CVE-2025-23104 – Samsung Mobile Processor Exynos Use-After-Free Privilege Escalation Vulnerability

CVE-2025-47270 – Nimiq Albatross Denial of Service Buffer Overflow

CVE-2025-4084 – “Firefox/Thunderbird Escaping Vulnerability (Local Code Execution)”

CVE-2025-48873 – Apache Web Framework Remote Code Execution Vulnerability

CVE-2025-48936 – Zitadel Host Header Injection Vulnerability

Rethinking technology and IT’s role in the era of agentic AI and digital labor

I replaced my Samsung S25 Ultra with this rugged model that’s half the price – and didn’t regret it

Can I play Blue Prince on Steam Deck, ROG Ally, and other gaming handhelds?

CVE-2024-30114 – HCL Leap Cross-Site Scripting (XSS)

Related Posts