96 matches found
EUVD-2026-2250
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix a BUG in rt6_get_pcpu_route under PREEMPT_RT. On PREEMPT_RT kernels, after rt6_get_pcpu_route returns NULL, the current task can be preempted. Another task running on the same CPU may then execute rt6_make_pcpu_route and successful...
CVE-2025-59117
Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/. This vulnerability can be exploited by a privileged user and may target users with higher privileges. Only version 4.1 was tested and confirmed as...
CVE-2025-59112
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. A malicious attacker can craft a special website which, when visited by the victim, will automatically send a POST request that deletes a given user. Only version 4.1 was tested and confirmed as vulnerable. This issue wa...
CVE-2025-59113
Windu CMS implements weak client-side brute-force protection by using the parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...
Linux Distros Unpatched Vulnerability : CVE-2021-2250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily...
CVE-2025-2250
creationtimestamp | type | source
---|---|---
2025-03-13 03:44:01+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7393
2025-03-13 07:15:16+00:00 | seen | https://t.me/cvedetector/20185...
CVE-2024-2250
CVE-2024-2250 — The 140+ Widgets | Best Addons For Elementor – FREE (WordPress) is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to 1.4.2 due to insufficient input sanitization and output escaping. This permits authenticated attackers with contributor-level or...
WordPress Xpro Elementor Addons Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Xpro Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2250; Patch priority: Low; CVSS severity: Low (6.5); PSID: 7f86252c86a0; Credits: Francesco Carlucci...
Advisory ROSA-SA-2023-2250
software: mariadb 10.5.20; OS: ROSA-CHROME; packageevrstring: mariadb-10.5.20-1.src.rpm; CVE-ID: CVE-2018-25032; BDU-ID: 2022-01641; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
Amazon Linux 2 : open-vm-tools (ALAS-2023-2250)
The version of open-vm-tools installed on the remote host is prior to 12.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2250 advisory. VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network...
CVE-2023-2250
creationtimestamp | type | source
---|---|---
2023-04-25 00:19:32+00:00 | seen | https://t.me/cibsecurity/62767...
CVE-2023-2250
A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which have the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...
CVE-2023-2250
The CVE-2023-2250 entry concerns Open Cluster Management (OCM). Affected component/condition: a user with access to worker nodes containing the cluster-manager-registration-controller or cluster-manager deployments can escalate privileges. Root cause: a malicious user can bind the cluster-admin r...
GLSA-202208-36 : Oracle VirtualBox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-36 (Oracle VirtualBox: Multiple Vulnerabilities) - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit...
CVE-2022-2250
creationtimestamp | type | source
---|---|---
2022-07-01 20:42:54+00:00 | seen | https://t.me/cibsecurity/45492...
CVE-2022-2250
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL...
CVE-2022-2250
CVE-2022-2250 affects GitLab EE/CE open redirect in all versions before fixed releases: 14.10.5, 15.0.4, and 15.1.1. The vulnerability allows an attacker to redirect users to an arbitrary location if they trust the URL. The provided documents describe the affected product, versions, and the natur...
Mageia: Security Advisory (MGASA-2021-0197)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : virtualbox (openSUSE-SU-2021:0977-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0977-1 advisory. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Pri...
openSUSE: Security Advisory for virtualbox (openSUSE-SU-2021:0977-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...