
54 matches found

NVD
added 2026/04/10 2:16 p.m., 3 views

CVE-2025-58920

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato allows Reflected XSS. This issue affects Cerato: from n/a through 2.2.18...

CVSS 7.1, EPSS 0.00039
Exploits: 0, References: 1
CVE
added 2026/04/10 1:25 p.m., 6 views

CVE-2025-58920

CVE-2025-58920 corresponds to a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Cerato theme (Cerato) versions up to 2.2.18. The issue is described as an Improper Neutralization of Input During Web Page Generation. Affected product: WordPress Cerato theme; affected range:

CVSS 7.1, AI score 5.2, EPSS 0.00039
Exploits: 0, References: 1
Vulnrichment
added 2026/04/10 1:25 p.m., 2 views

CVE-2025-58920 WordPress Cerato theme <= 2.2.18 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato allows Reflected XSS. This issue affects Cerato: from n/a through 2.2.18...

CVSS 7.1, AI score 5.8, EPSS 0.00039
Exploits: 0, References: 1
CNNVD
added 2026/04/10 12:00 a.m., 4 views

WordPress plugin Cerato cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.1, AI score 5.6, EPSS 0.00039
Exploits: 0, References: 1
Positive Technologies
added 2026/04/10 12:00 a.m., 2 views

PT-2026-31915

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato allows Reflected XSS. This issue affects Cerato: from n/a through 2.2.18...

CVSS 7.1, AI score 5.8, EPSS 0.00039
Exploits: 0, References: 2
NVD
added 2026/04/01 1:16 a.m., 2 views

CVE-2026-35055

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

CVSS 6.1, EPSS 0.00034
Exploits: 0, References: 2
NVD
added 2026/04/01 1:16 a.m., 2 views

CVE-2026-35056

XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server...

CVSS 8.6, EPSS 0.00159
Exploits: 0, References: 2
CVE
added 2026/04/01 12:30 a.m., 7 views

CVE-2026-35055

XenForo is vulnerable to cross-site scripting (XSS) via lightbox usage in posts in versions before 2.3.9 and before 2.2.18. An attacker can inject scripts that execute when users interact with post content displayed in the lightbox. The issue is reported across multiple sources (including CVE-202...

CVSS 6.1, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/04/01 12:30 a.m., 12 views

CVE-2026-35056

Summary (supported by connected docs): XenForo versions before 2.3.9 and before 2.2.18 are affected by a remote code execution (RCE) vulnerability exploitable by authenticated, malicious admins who have access to the admin panel. The attacker can execute arbitrary code on the server. The referenc...

CVSS 8.6, AI score 6.7, EPSS 0.00159
In wild; Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/04/01 12:30 a.m., 1 view

CVE-2026-35056 XenForo Remote Code Execution via Authenticated Admin

XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server...

CVSS 8.6, AI score 6.7, EPSS 0.00159
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/01 12:30 a.m., 3 views

CVE-2026-35056

XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server...

CVSS 8.8, AI score 6.7, EPSS 0.00159
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/04/01 12:30 a.m., 2 views

CVE-2026-35055 XenForo Cross-Site Scripting via Lightbox in Posts

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

CVSS 6.1, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-5977

Malware in sbrugna...

CVSS 7.5, AI score 5.6, EPSS 0.0038
Exploits: 1, References: 9
Tenable Nessus
added 2025/09/29 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-59830

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still...

CVSS 7.5, AI score 6.6, EPSS 0.0014
Exploits: 0, References: 2
OSV
added 2025/09/29 12:00 a.m., 1 view

OPENSUSE-SU-2025:15587-1 ruby3.4-rubygem-rack-2.2-2.2.18-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.18-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 5.8, EPSS 0.0014
Exploits: 0, References: 1
OSV
added 2025/09/26 12:00 a.m., 2 views

UBUNTU-CVE-2025-59830

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

CVSS 7.5, AI score 6.6, EPSS 0.0014
Exploits: 0, References: 5
NVD
added 2025/09/25 3:16 p.m., 1 view

CVE-2025-59830

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

CVSS 7.5, EPSS 0.0014
Exploits: 0, References: 2
OSV
added 2025/09/25 2:37 p.m., 3 views

CVE-2025-59830 Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

CVSS 7.5, AI score 6.4, EPSS 0.0014
Exploits: 0, References: 4
Positive Technologies
added 2025/09/25 12:00 a.m., 4 views

PT-2025-39397

Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.18. Description: Rack's QueryParser component incorrectly counts parameters when using both '&' and ';' separators. The params limit is only enforced for parameters separated by '&', allowing attackers to bypass the...

CVSS 10, AI score 6.7, EPSS 0.16071
Exploits: 6, References: 96
Patchstack
added 2025/09/16 2:15 p.m., 2 views

WordPress Cerato theme <= 2.2.18 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Cerato versions <= 2.2.18...

AI score 6.1, EPSS 0.00039
Exploits: 0, Affected Software: 1