47 matches found

Vulnrichment
added 2025/12/05 5:50 p.m., 2 views

CVE-2025-66554 Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...

CVSS 3.5, AI score 6.3, EPSS 0.00016
Exploits 0, References 4

RedhatCVE
added 2025/11/07 5:32 p.m., 2 views

CVE-2025-64196

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS. This issue affects Booster for WooCommerce: from n/a through <= 7.2.5...

CVSS 7.1, AI score 6.4, EPSS 0.00031
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-10631

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.03218
Exploits 3, References 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-58236

Malicious code in bioql PyPI...

CVSS 9.1, AI score 7, EPSS 0.00466
Exploits 0, References 1

CNNVD
added 2025/06/10 12:0 a.m., 2 views

Fortinet FortiClientEMS code issue vulnerability

Fortinet FortiClientEMS is part of Fortinet's Endpoint Management solution from Fortinet, a U.S. company, and is designed to help organizations effectively manage endpoint devices in their networks and provide monitoring and control of endpoint security. A code issue vulnerability exists in...

CVSS 4.3, AI score 6.8, EPSS 0.00093
Exploits 0, References 2

OSV
added 2025/05/28 8:15 a.m., 1 view

CVE-2025-22252

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin...

CVSS 7.2, AI score 5.8, EPSS 0.00243
Exploits 0, References 1

Positive Technologies
added 2025/04/01 12:0 a.m., 2 views

PT-2025-14085 · WordPress · Booster For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Booster for WooCommerce plugin for WordPress versions up to, and including, 7.2.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated...

CVSS 7.2, AI score 8.1, EPSS 0.01247
Exploits 0, References 11

CNNVD
added 2025/04/01 12:0 a.m., 2 views

WordPress plugin Booster for WooCommerce cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

CVSS 7.2, AI score 7.1, EPSS 0.01247
Exploits 0, References 4

Patchstack
added 2025/03/31 7:56 p.m., 5 views

WordPress Booster for WooCommerce plugin <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Booster for WooCommerce versions <= 7.2.4...

CVSS 7.2, AI score 6.3, EPSS 0.01247
Exploits 0, References 1, Affected Software 1

OSV
added 2025/03/19 6:15 a.m., 1 view

CVE-2025-1232

The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks...

CVSS 8.8, AI score 7.3, EPSS 0.20938
Exploits 1, References 1

Vulnrichment
added 2025/02/11 4:9 p.m., 5 views

CVE-2024-36508

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allows an authenticated admin user with diagnose...

CVSS 6, AI score 5.9, EPSS 0.00108
Exploits 0, References 1

Positive Technologies
added 2025/01/14 12:0 a.m., 2 views

PT-2025-2438 · Fortinet · Fortimanager +3

Name of the Vulnerable Software and Affected Versions: FortiAnalyzer versions 6.4.0 through 6.4.14 FortiAnalyzer versions 7.0.0 through 7.0.12 FortiAnalyzer versions 7.2.0 through 7.2.5 FortiAnalyzer versions 7.4.0 through 7.4.3 FortiAnalyzer Cloud versions 6.4.1 through 6.4.7 FortiAnalyzer Cloud...

CVSS 9.8, AI score 8.3, EPSS 0.00166
Exploits 0, References 5

NVD
added 2024/11/12 7:15 p.m., 17 views

CVE-2024-31496

A stack-based buffer overflow vulnerability CWE-121 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or...

CVSS 6.7, EPSS 0.00073
Exploits 0, References 1

CNNVD
added 2024/11/12 12:0 a.m., 2 views

Fortinet FortiManager security vulnerability

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and the ability to group devices into different administrative domains ADOMs to further simplify multi-device security deployme...

CVSS 4.1, AI score 6.1, EPSS 0.00145
Exploits 0, References 3

Positive Technologies
added 2024/11/12 12:0 a.m., 1 view

PT-2024-25282 · Fortinet · Fortimanager +1

Name of the Vulnerable Software and Affected Versions: FortiAnalyzer versions 6.4.0 through 6.4.14 FortiAnalyzer versions 7.0.0 through 7.0.12 FortiAnalyzer versions 7.2.0 through 7.2.5 FortiAnalyzer versions 7.4.0 through 7.4.2 FortiManager versions 6.4.0 through 6.4.14 FortiManager versions 7.0...

CVSS 7.3, AI score 8, EPSS 0.00269
Exploits 0, References 6

OSV
added 2024/10/08 3:15 p.m., 0 views

CVE-2024-45330

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests...

CVSS 7.2, AI score 5.8, EPSS 0.0029
Exploits 0, References 1

Cvelist
added 2024/10/08 2:19 p.m., 15 views

CVE-2024-45330

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests...

CVSS 7.2, EPSS 0.0029
Exploits 0, References 1

CNNVD
added 2024/10/08 12:0 a.m., 0 views

Fortinet FortiAnalyzer format string error vulnerability

Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet, Inc. The product is mainly used to collect network log data and analyze, report, and archive operations on security events, network traffic, Web content, etc. in the logs through the reporting suite. A...

CVSS 7.2, AI score 6.7, EPSS 0.0029
Exploits 0, References 3

OSV
added 2024/09/13 4:54 p.m., 12 views

RHSA-2018:3593 Red Hat Security Advisory: Red Hat Single Sign-On 7.2.5 on RHEL 7 security and bug fix update

Bulletin has no description...

CVSS 6.1, AI score 5.9, EPSS 0.00346
Exploits 0, References 25

OSV
added 2024/09/10 3:15 p.m., 0 views

CVE-2023-44254

An authorization bypass through user-controlled key CWE-639 vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request...

CVSS 6.5, AI score 5.8, EPSS 0.00252
Exploits 0, References 1