80 matches found
Unity Linux 20.1070e Security Update: expat (UTSA-2026-017381)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017381 advisory. In Expat aka libexpat before 2.4.5, there is an integer overflow in copyString. Tenable has extracted the preceding description block directly from the Unity Linux...
CVE-2026-25314 WordPress TOP Table Of Contents plugin <= 1.3.31 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TOP Table Of Contents: from n/a through <= 1.3.31...
CVE-2019-25314
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...
MiracleLinux 9 : expat-2.2.10-12.el9.2 (AXSA:2022-3997:08)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3997:08 advisory. expat: stack exhaustion in doctype parsing (CVE-2022-25313); expat: integer overflow in copyString (CVE-2022-25314). Tenable has extracted the preceding...
CVE-2023-25314
Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user...
CVE-2024-25314
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2...
Alibaba Cloud Linux 3 : 0128: expat (ALINUX3-SA-2022:0128)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0128 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-25313: In Expat aka libexpat befo...
CVE-2024-25314
creationtimestamp| type| source
---|---|---
2024-02-09 15:31:16+00:00| seen| https://t.me/ctinow/182072
2024-02-12 17:17:16+00:00| seen| https://t.me/ctinow/183256
2024-03-03 07:36:31+00:00| seen| https://t.me/ctinow/198586
...
CVE-2024-25314
Code-projects Hotel Managment System 1.0 is affected by CVE-2024-25314. The vulnerability is a SQL Injection via the sid parameter in Hotel/admin/show.php?sid=2, impacting confidentiality, integrity, and availability (CVSS v3.1: 9.8). The available documents identify the affected component and th...
BELL-CVE-2022-25314 CVE-2022-25314 does not affect BellSoft software
Bulletin has no description...
Nessus Network Monitor < 6.2.1 Multiple Vulnerabilities (TNS-2023-19)
According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-19 advisory. - Nessus Network Monitor leverages third-party software to help provide underlying...
CVE-2023-25314
creationtimestamp| type| source
---|---|---
2023-04-25 20:25:00+00:00| seen| https://t.me/cibsecurity/62821
...
CVE-2023-25314
The CVE describes a Cross-Site Scripting (XSS) in World Wide Broadcast Network AVideo before 12.4, exploited via the success parameter to /user. Technical sources confirm the issue stems from insufficient input handling in that parameter, enabling an attacker to exfiltrate or inject data. Affecte...
Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2023-058)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-058 advisory. In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in libexpat (CVE-2022-25314).
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution caused by a buffer overflow in libexpat (CVE-2022-25314). Libexpat is used as part of the base image included in our service components. Please read the details for remediation below...