1397 matches found
PT-2025-53714
Name of the Vulnerable Software and Affected Versions GreenCMS versions prior to 2.3 Description A flaw exists in GreenCMS up to version 2.3 within the File Handler component, specifically in the /DataController.class.php file. Manipulation of the sqlFiles/zipFiles argument can lead to path...
CVE-2025-66116
Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through = 2.3...
CVE-2025-57897
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in venusweb Logtik logtik allows Reflected XSS.This issue affects Logtik: from n/a through = 2.3...
CVE-2025-66116
CVE-2025-66116 relates to a Information Disclosure vulnerability in the WordPress plugin Ultimate Member Widgets for Elementor (ultimate-member-widgets-for-elementor). The issue is described as Insertion of Sensitive Information Into Sent Data, enabling retrieval of embedded sensitive data. Affec...
Next level Kotlin support in Spring Boot 4
Following the announcement of the strategic partnership between JetBrains and Spring in May, I would like to share a global update on various Kotlin-related features and documentation enhancements we have made recently, with the goal of making Spring Boot 4 the best framework to develop backend...
WordPress Design Import/Export plugin <= 2.2 - Authenticated (Administrator+) SQL Injection via XML File Import vulnerability
Authenticated Administrator+ SQL Injection via XML File Import vulnerability discovered by ChamlaVic in WordPress Plugin Design Import/Export versions = 2.2...
CVE-2022-46845
Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3...
EUVD-2025-201989
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a throu...
CVE-2022-46845 WordPress Slider a SlidersPack plugin <= 2.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3...
WordPress plugin Make Section Column Clickable For Elementor 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that provides the ability to set up a personal blog site on a PHP and MySQL based server. A cross-site scripti...
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
PT-2025-47290
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description The commissioning wizard does not validate if the device is already initialized. This allows an unauthenticated remote attacker to construct HTTP POST requests to set or modify root credentials without...
Ubuntu: Security Advisory (USN-7840-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-62982
CVE-2025-62982 : WordPress plugin Dynamic User Directory (<= v2.3) contains a stored XSS flaw due to improper input neutralization during page generation. Wordfence corroborates the CVE and notes the issue affects Dynamic User Directory
Security Bulletin: IBM Fusion HCI is vulnerable to potential container escapes
Summary An OpenShift or Fusion administrator, or potentially an attacker who gains access to a certain Storage Fusion containers, can gain access to underlying node linux capabilities, increasing the possibility of a container escape such as CVE-2022-0185. Vulnerability Details CVEID:CVE-2022-018...
EUVD-2014-1479
Malware in sbrugna...
EUVD-2019-0731
Malware in sbrugna...
EUVD-2020-18160
Malware in sbrugna...
EUVD-2005-3830
Malware in sbrugna...
EUVD-2009-3295
Malware in sbrugna...