Skip to main content
CVE-2025-10914 HIGH This Week

Reflected cross-site scripting in Proliz Software OBS (Student Affairs Information System) prior to V26.0401 allows remote attackers to execute arbitrary JavaScript in a victim's browser session after luring them to click a crafted link. The high CVSS of 7.6 reflects unauthenticated network exploitation with high confidentiality impact, though no public exploit identified at time of analysis and EPSS data was not provided. The flaw was reported by Turkey's national CERT (USOM), indicating regional relevance for Turkish higher-education institutions that use this Student Affairs platform.

XSS
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-12105 HIGH PATCH This Week

Remote denial-of-service in libsoup affects GNOME and WebKit-based applications that rely on the library for HTTP/2 client communication. A race in the asynchronous message-queue handling lets a queue item be freed twice when network operations are aborted at precise timing, producing a use-after-free that crashes the consuming application. Red Hat reported the issue and has shipped errata fixes; there is no public exploit identified at time of analysis and the flaw is confined to availability impact (no code execution or data exposure indicated).

Memory Corruption Apple Denial Of Service Use After Free
NVD
CVSS 3.1
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy