9740 matches found
CVE-2019-25429
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpnadvanced endpoint. Attackers can inject JavaScript code through the GLOBALNETWORKS and GLOBALDNS parameters via POST...
CVE-2019-25429 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via openvpn_advanced
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpnadvanced endpoint. Attackers can inject JavaScript code through the GLOBALNETWORKS and GLOBALDNS parameters via POST...
USN-8031-3 linux-gcp, linux-gke vulnerabilities
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...
USN-8031-3: Linux kernel vulnerabilities
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...
CVE-2026-25453
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...
CVE-2026-25412
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
USN-8028-6 linux-hwe-6.8, linux-lowlatency-hwe-6.8 vulnerabilities
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...
CVE-2026-25453
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...
CVE-2026-25453 WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...
CVE-2026-25453 WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...
CVE-2026-25453
CVE-2026-25453 : DOM-based XSS in WordPress plugin Advanced iFrame (advanced-iframe) due to improper input neutralization during web page generation. Affected: Advanced iFrame versions up to 2025.10. The CVSS v3.1 base score is 6.5 (Medium). Exploitation details are not provided in the documents;...
CVE-2026-25412
The CVE-2026-25412 entry concerns the WordPress Advanced iFrame plugin (
CVE-2026-25412
...
CVE-2026-25412
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-25412
...
CVE-2025-12884
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the placementupdateitem function. This makes it possible...
CVE-2025-14983 Advanced Custom Fields: Font Awesome <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible forauthenticated attackers, with Contributor-level access and...
CVE-2025-14983
The CVE refers to WordPress plugin Advanced Custom Fields: Font Awesome Field (
CVE-2025-12081 ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acfphotogalleryeditsave" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level acce...
CVE-2025-12884
CVE-2025-12884 — The WordPress plugin Advanced Ads – Ad Manager & AdSense is vulnerable to an authorization bypass in versions up to and including 2.0.14 via the function placement_update_item(). This allows authenticated attackers with subscriber-level access and above to update ad placements, p...