CVE-2025-26997 – Validas Wireless Butler Cross-site Scripting

May 19, 2025

CVE ID : CVE-2025-26997

Published : May 19, 2025, 6:15 p.m. | 33 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in validas Wireless Butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through 1.0.11.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-39396 – Crocoblock JetReviews PHP Local File Inclusion Vulnerability

Next Article CVE-2025-26872 – Eximius Unrestricted File Upload Vulnerability

Highlights

CVE-2025-5321 – Aimhubio Aim Remote Sandbox Bypass Vulnerability

May 29, 2025

CVE ID : CVE-2025-5321

Published : May 29, 2025, 3:15 p.m. | 1 hour, 47 minutes ago

Description : A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Query leads to sandbox issue. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

“A fantastic device for creative users” — this $550 discount on ASUS’s 3K OLED creator laptop disappears before Prime Day

Distribution Release: Rhino Linux 2025.3

Token System using PHP and MySQL

Token System using PHP and MySQL

Create React UI component with uncontrollable

Flaget – new small 5kB CLI argument parser

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 27/2025

CVE-2025-26997 – Validas Wireless Butler Cross-site Scripting

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

CVE-2025-48915 – Drupal COOKiES Consent Management Cross-Site Scripting (XSS)

CVE-2025-6664 – CodeAstro Patient Record Management System Cross-Site Request Forgery (CSRF)

OpenAI Bans ChatGPT Accounts Used by Russian, Iranian, and Chinese Hacker Groups

CVE-2025-45332 – “Koskiv C-Ray Segmentation Fault NPD”

CVE-2025-5321 – Aimhubio Aim Remote Sandbox Bypass Vulnerability

CVE-2025-4652 – Broadstreet WordPress Reflected Cross-Site Scripting Vulnerability

Sam Altman wants OpenAI to be the Microsoft of AI, with a subscription-based operating system built on ChatGPT

PIM for Azure Resources

CVE-2025-26997 – Validas Wireless Butler Cross-site Scripting

Related Posts