34 matches found
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the parseActions function. An attacker can execute arbitrary code by sending crafted input to the affected process. Remediation: Upgrade github.com/binwiederhier/ntfy/v2/server to version 2.21.0 or...
CVE-2025-31510
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...
CVE-2025-31510
In LemonLDAP::NG prior to 2.21.0, the login page exposes a cross-site scripting (XSS) vulnerability via the tab parameter used with Choice authentication. A remote attacker could inject arbitrary script/HTML through this parameter. The issue is documented across multiple sources (NVD, OSV, Debian...
CVE-2025-62969 WordPress NextMove Lite plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Stored XSS. This issue affects NextMove Lite: from n/a through <= 2.23.0...
PT-2025-43841
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Stored XSS. This issue affects NextMove Lite: from n/a through <= 2.21.0...
EUVD-2025-35495
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS. This issue affects NextMove Lite: from n/a through <= 2.21.0...
CVE-2025-52735
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS. This issue affects NextMove Lite: from n/a through <= 2.24.0...
CVE-2025-52735
The CVE describes a Reflected XSS in XLPlugins NextMove Lite, specifically the woo-thank-you-page-nextmove-lite component, caused by improper input neutralization during web page generation. Affected software is WordPress NextMove Lite plugin versions up to and including 2.24.0 (variously referen...
PT-2025-43227
Name of the Vulnerable Software and Affected Versions: XLPlugins NextMove Lite versions through 2.21.0. Description: The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This issue is present in the...
WordPress plugin NextMove Lite cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site...
EUVD-2018-0555
Malware in sbrugna...
Important: Red Hat Bug Fix Advisory: RHOAI 2.21.0 - Red Hat OpenShift AI
Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.21.0 provides these changes:...
Moderate: Red Hat Security Advisory: RHOAI 2.21.0 - Red Hat OpenShift AI
Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.21.0 provides these changes:...
CVE-2024-11358
Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider...
CVE-2025-46338
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the libraryId field. The...
CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the libraryId field. The...
CVE-2025-46338
Audiobookshelf (self-hosted audiobook/podcast server) has a known XSS vulnerability in /api/upload (via the libraryId field) in versions prior to 2.21.0. The issue stems from improper input handling; unsanitized input is reflected in the server error message, enabling arbitrary JavaScript executi...