CVE-2025-35996 – KUNBUS PiCtory Stored Cross-Site Scripting (XSS)

May 1, 2025

CVE ID : CVE-2025-35996

Published : May 1, 2025, 7:15 p.m. | 53 minutes ago

Description : KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, the filename could be executed as HTML script tag resulting in a cross-site-scripting attack.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-36521 – MicroDicom DICOM Viewer Out-of-Bounds Read Vulnerability

Next Article CVE-2025-24522 – KUNBUS Revolution Pi Node-RED Remote Command Execution

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Managing the growing risk profile of agentic AI and MCP in the enterprise

How To Prevent WordPress SQL Injection Attacks

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Windows 11 news and updates in June: Microsoft’s AI agent in Settings makes adjusting your PC easier than ever

uBlock Origin ships to Edge for Android as Google kills it on Chrome

Windows Hello face unlock no longer works in the dark, and Microsoft says it’s not a bug

Community News: Latest PECL Releases (06.17.2025)

Community News: Latest PECL Releases (06.17.2025)

Stream-Omni: Simultaneous Multimodal Interactions with Large Language-Vision-Speech Model

How Inclusive Design Leading and Creating Solutions for Universal Design

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Windows 11 news and updates in June: Microsoft’s AI agent in Settings makes adjusting your PC easier than ever

uBlock Origin ships to Edge for Android as Google kills it on Chrome

CVE-2025-35996 – KUNBUS PiCtory Stored Cross-Site Scripting (XSS)

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

Cybercrime Losses Jump 33% in 2024, FBI Report Shows

CVE-2025-48374 – Zot Keycloak Client Secret Disclosure

Scaling Up Reinforcement Learning for Traffic Smoothing: A 100-AV Highway Deployment

CVE-2025-43919 – cPanel WHM GNU Mailman File Traversal Vulnerability

CVE-2025-49275 – Blogbyte PHP Remote File Inclusion Vulnerability

Building a Legacy of Trust from Progressive Insurance to AWS

CISA adds Yii Framework and Commvault bugs to KEV Catalog

Google Researchers Advance Diagnostic AI: AMIE Now Matches or Outperforms Primary Care Physicians Using Multimodal Reasoning with Gemini 2.0 Flash

CVE-2025-35996 – KUNBUS PiCtory Stored Cross-Site Scripting (XSS)

Related Posts