16 matches found

Patchstack
added 2026/05/21 7:17 p.m. · 4 views

WordPress The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions <= 6.4.11...

5.8 AI score
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2026/05/14 5:30 a.m. · 5 views

CVE-2026-5243 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Navigation Menu Lite Widget

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

6.4 CVSS · 5.8 AI score · 0.00032 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/07 5:28 p.m. · 6 views

CVE-2025-24977

OpenCTI is an open cyber threat intelligence CTI platform. Prior to version 6.4.11 any user with the capability manage customizations can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the...

9.1 CVSS · 7.2 AI score · 0.00528 EPSS
Exploits 0 · References 1
NVD
added 2025/05/05 5:18 p.m. · 10 views

CVE-2025-24977

OpenCTI is an open cyber threat intelligence CTI platform. Prior to version 6.4.11 any user with the capability manage customizations can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the...

9.1 CVSS · 0.00528 EPSS
Exploits 0 · References 1
Cvelist
added 2025/05/05 5:7 p.m. · 17 views

CVE-2025-24977 OpenCTI has remote code execution and sensitive secrets exposed through web hook

OpenCTI is an open cyber threat intelligence CTI platform. Prior to version 6.4.11 any user with the capability manage customizations can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the...

9.1 CVSS · 0.00528 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/05/05 5:7 p.m. · 6 views

CVE-2025-24977 OpenCTI has remote code execution and sensitive secrets exposed through web hook

OpenCTI is an open cyber threat intelligence CTI platform. Prior to version 6.4.11 any user with the capability manage customizations can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the...

9.1 CVSS · 7.2 AI score · 0.00528 EPSS
Exploits 0 · References 1
CVE
added 2025/05/05 5:7 p.m. · 86 views

CVE-2025-24977

CVE-2025-24977 (OpenCTI) affects OpenCTI prior to version 6.4.11. The vulnerability arises because a user with the privilege to manage customizations can misuse web-hooks to execute commands on the underlying infrastructure and access internal server-side secrets, effectively allowing a root shel...

9.1 CVSS · 7.4 AI score · 0.00528 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/05/05 12:0 a.m. · 3 views

PT-2025-19737 · Opencti · Opencti

Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.4.11 Description: OpenCTI is an open cyber threat intelligence CTI platform. Prior to version 6.4.11, any user with the capability manage customizations can execute commands on the underlying infrastructure where...

9.1 CVSS · 9.7 AI score · 0.00528 EPSS
Exploits 0 · References 24
OSV
added 2024/11/06 9:15 p.m. · 0 views

DEBIAN-CVE-2024-50343

symfony/validator is a module for the Symfony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacters, with an input ending with \n. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D...

3.1 CVSS · 4.6 AI score · 0.00246 EPSS
Exploits 0 · References 1
OSV
added 2024/09/22 4:30 p.m. · 15 views

RHSA-2016:2072 Red Hat Security Advisory: jboss-ec2-eap security and enhancement update for EAP 6.4.11

Bulletin has no description...

7.5 CVSS · 7.8 AI score · 0.40246 EPSS
Exploits 0 · References 10
Vulnrichment
added 2023/03/07 4:21 p.m. · 31 views

CVE-2022-42476

A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via...

8.2 CVSS · 6.9 AI score · 0.00081 EPSS
Exploits 0 · References 1
vulnersOsv
added 2022/06/14 6:15 p.m. · 2 views

3deecelltracker (>=0.5.0a0 <=1.0.0), abracadabra (>=0.0.0 <=0.0.7) +101 more potentially affected by CVE-2022-29238 via notebook (>=4.2.3 <=6.4.11)

notebook PYPI version =4.2.3, =0.5.0a0, =0.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.1, =1.0.1, =0.0.48, =0.0.2a0, =1.0.0, =0.3.4, =0.1.0rc1, =0.0.1, =0.2.1 - combnetdep =1.0.0 and more Source cves: CVE-2022-29238 Source advisory: OSV:PYSEC-2022-212...

4.3 CVSS · 6.5 AI score · 0.00511 EPSS
Exploits 0
RedHat Linux
added 2016/10/17 6:45 p.m. · 56 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 6

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scori...

7.8 CVSS · 7.2 AI score · 0.40246 EPSS
Exploits 0 · References 6
RedHat Linux
added 2016/10/17 6:35 p.m. · 44 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 5

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scori...

7.8 CVSS · 7.2 AI score · 0.40246 EPSS
Exploits 0 · References 6
RedHat Linux
added 2016/10/17 6:14 p.m. · 40 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update

An update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

7.8 CVSS · 7.2 AI score · 0.40246 EPSS
Exploits 0 · References 4
Atlassian
added 2015/08/18 4:53 a.m. · 53 views

CVE-2015-5603: HipChat for JIRA plugin - Velocity Template Injection

We internally discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the...

6.5 CVSS · 1.2 AI score · 0.76355 EPSS
Exploits 7 · Affected Software 1