17 matches found
GitLab 18.4 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-12716)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions, could have allowed an...
CVE-2018-12716
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its...
CVE-2025-12716
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by creating wiki pages with...
CVE-2025-12716
creationtimestamp | type | source
---|---|---
2025-12-11 03:35:23+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3m7oneuw5fx23
2025-12-11 05:00:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m7os56kfxa2x
2025-12-11 15:25:32+00:00 | seen | ...
WordPress Simple Basic Contact Form plugin < 20250114 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Simple Basic Contact Form versions 20250114...
CVE-2024-12716 Simple Basic Contact Form < 20250114 - Admin+ Stored XSS
The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setu...
CVE-2024-12716 Simple Basic Contact Form < 20250114 - Admin+ Stored XSS
The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setu...
CVE-2021-31488
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2021-31488
OpenText Brava! Desktop 16.6.3.84 is affected by a DWF file parsing vulnerability. The issue is an out-of-bounds write caused by improper validation of user-supplied data, allowing remote code execution when a user visits a malicious page or opens a malicious file. The vulnerability’s impact is e...
CVE-2021-31488
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Cisco Unified Communications Manager Cross-Site Scripting (XSS) Vulnerability
According to its self-reported version, Cisco Unified Communications Manager is affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click ...
CVE-2019-12716
Cisco Unified Communications Manager (and Session Management Edition, SME) is affected by a cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input in the web-based interface. An unauthenticated, remote attacker can lure a user to click a crafted link, pot...
CVE-2018-12716
The CVE-2018-12716 entry describes an API service vulnerability in Google Home and Chromecast devices prior to mid-July 2018. The issue allows DNS rebinding to read scan_results JSON data and extract BSSID fields, enabling remote readers on the local network to determine the user’s physical locat...
Fedora Update for devscripts FEDORA-2015-12716
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Core 11 FEDORA-2009-12716 (expat)
The remote host is missing an update to expat announced via advisory FEDORA-2009-12716. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Fedora Core 11 FEDORA-2009-12716 (expat)
The remote host is missing an update to expat announced via advisory FEDORA-2009-12716. OpenVAS Vulnerability Test $Id: fcore200912716.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12716 expat Authors: Thomas Reinke Copyright: Copyright c 2009...