PT-2025-52257
Name of the Vulnerable Software and Affected Versions: Tina versions prior to 3.1.1. Description: Tina is a headless content management system. Versions of Tina prior to 3.1.1 improperly utilize the gray-matter package, potentially allowing attackers who control the content of markdown files—such as...
WordPress 404 Solution plugin <= 3.1.0 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter vulnerability
Authenticated (Admin+) SQL Injection via 'filterText' Parameter vulnerability discovered by Muhamad Visat in WordPress Plugin 404 Solution versions <= 3.1.0...
CVE-2025-66031 affecting package reaper for versions less than 3.1.1-21
CVE-2025-66031 affecting package reaper for versions less than 3.1.1-21. A patched version of the package is available...
CVE-2018-19827 affecting package reaper for versions less than 3.1.1-20
CVE-2018-19827 affecting package reaper for versions less than 3.1.1-20. A patched version of the package is available...
CVE-2025-66030 affecting package reaper for versions less than 3.1.1-21
CVE-2025-66030 affecting package reaper for versions less than 3.1.1-21. A patched version of the package is available...
CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21
CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21. A patched version of the package is available...
CLSA-2025-1764850495 Update of mpfr
Bump version to 3.1.1-4.0.1...
CVE-2025-12173
The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'wp-admin-microblog' page. This makes it possible for unauthenticated attackers to send messages on beha...
EUVD-2025-197940
The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'wp-admin-microblog' page. This makes it possible for unauthenticated attackers to send messages on beha...
WordPress plugin WP Admin Microblog cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
WordPress WP Admin Microblog plugin <= 3.1.1 - Cross-Site Request Forgery to Message Creation vulnerability
Cross-Site Request Forgery to Message Creation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Admin Microblog versions <= 3.1.1...
CVE-2025-58996
Unrestricted Upload of File with Dangerous Type vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Upload a Web Shell to a Web Server. This issue affects Advanced Settings: from n/a through <= 3.1.1...
EUVD-2025-38133
Unrestricted Upload of File with Dangerous Type vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Upload a Web Shell to a Web Server. This issue affects Advanced Settings: from n/a through <= 3.1.1...
CVE-2025-58996
CVE-2025-58996 affects WordPress plugin WordPress Advanced Settings (Helmut Wandl)
CVE-2025-58996 WordPress Advanced Settings Plugin <= 3.1.1 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Upload a Web Shell to a Web Server. This issue affects Advanced Settings: from n/a through <= 3.1.1...
WordPress plugin Advanced Settings code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
SUSE CVE-2025-11232
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS...
EUVD-2021-34708
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the conte...
CVE-2025-12147
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule (e.g., field) is applied to a field which contains an object as its value, the object is correctly removed from the source returned by search...