CVE-2025-4000
Published 2025-04-28
Priority: P4 · 30 · medium · 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.25% (16.3th percentile)
A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\ssoproxy\jsp\ssoproxy.jsp. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| juniper | junos_os | — | — |
| juniper | srx_series | — | — |
| seeyon | oa_web_application_system | — | — |
| seeyon | zhiyuan_oa_web_application_system | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| vendor_redhat | | 7.1 | HIGH | |
GHSA
GHSA-77p7-m99m-4g5r: A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8
ghsa_unreviewed·2025-04-28
CVE-2025-4000 [MEDIUM] CWE-79 GHSA-77p7-m99m-4g5r
Chrome
Stable Channel Update for Desktop: CVE-2025-9865
vendor_chrome·2025-09-02·CVSS 5.4
CVE-2025-9865 [MEDIUM]
* CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-08-07
* [$4000][379337758] Medium CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK on 2024-11-16
* [$1000][415496161] Medium CVE-2025-9867: Inappropriate implementation in Downloads
Severity: medium
Juniper
CVE-2025-52981: An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on S
vendor_juniper·2025-07-11·CVSS 7.5
CVE-2025-52981 [MEDIUM] CWE-754
CVE-2025-52981: An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600, SRX2300, SRX 4000 Series, and SRX5000 Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If a sequence of specific PIM packets is received, this will cause a flowd crash and restart.
This issue affects Junos OS:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S11,
* 22.2 versions before 22.2R3-S7,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S4,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2.
This is a similar, but different vulnerability than the issue reported as CVE-2024-47503, published in JSA88133.
Chrome
Stable Channel Update for Desktop: CVE-2025-6191
vendor_chrome·2025-06-17·CVSS 8.8
CVE-2025-6191 [HIGH]
* CVE-2025-6191: Integer overflow in V8. Reported by Shaheen Fazim on 2025-05-27
* [$4000][421471016] High CVE-2025-6192: Use after free in Profiler. Reported by Chaoyuan Peng (@ret2happy) on 2025-05-31
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2025-4052
vendor_chrome·2025-04-29·CVSS 6.3
CVE-2025-4052 [LOW]
* CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10
The previous version of these notes did not include the following security fixes which were included in the release:
* [$4000][402791076] Medium CVE-2025-13097: Inappropriate implementation in DevTools. Reported by Alesandro Ortiz on 2025-03-13
* [$1000][379818904] Low CVE-2024-13983: Inappropriate implementation in Lens
Severity: low
Chrome
Stable Channel Update for Desktop: CVE-2025-0999
vendor_chrome·2025-02-18·CVSS 8.8
CVE-2025-0999 [HIGH]
* CVE-2025-0999: Heap buffer overflow in V8. Reported by Seunghyun Lee (@0x10n) on 2025-02-04
* [TBD][383465163] High CVE-2025-1426: Heap buffer overflow in GPU. Reported by un3xploitable && GF on 2024-12-11
* [$4000][390590778] Medium CVE-2025-1006: Use after free in Network
Severity: high
No detection rules found.
No writeups or analysis indexed.