1305 matches found

Cvelist (added 2025/11/04 2:25 p.m., 6 views)

CVE-2025-12184 MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting

The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4, EPSS 0.00171
Exploits: 0, References: 2
Vulnrichment (added 2025/11/04 2:25 p.m., 4 views)

CVE-2025-12184 MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting

The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4, AI score 4.7, EPSS 0.00171
Exploits: 0, References: 2
Patchstack (added 2025/11/04 4:55 a.m., 3 views)

WordPress MeetingList plugin <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin MeetingList versions = 0.11...

CVSS 4.4, AI score 5.7, EPSS 0.00171
Exploits: 0, References: 1, Affected Software: 1
CVE (added 2025/11/04 4:27 a.m., 19 views)

CVE-2025-12065

CVE-2025-12065 affects the WP Carticon WordPress plugin. The vulnerability is a stored cross-site scripting (XSS) via the carticon_js_script parameter in all versions up to and including 1.0.0, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated admi...

CVSS 4.4, AI score 4.7, EPSS 0.00171
Exploits: 0, References: 2
Cvelist (added 2025/11/04 4:27 a.m., 6 views)

CVE-2025-12393 Free Quotation <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Free Quotation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

CVSS 4.4, EPSS 0.00158
Exploits: 0, References: 2
OSV (added 2025/11/03 10:16 p.m., 3 views)

CVE-2024-13997

Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actio...

CVSS 7.2, AI score 5.8
Exploits: 0, References: 3
Vulnrichment (added 2025/11/01 6:40 a.m., 3 views)

CVE-2025-12137 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...

CVSS 4.9, AI score 5.5, EPSS 0.00394
Exploits: 0, References: 9
CVE (added 2025/11/01 4:27 a.m., 8 views)

CVE-2025-11927

CVE-2025-11927 – Flying Images plugin (WordPress) is affected in versions up to 2.4.14. The vulnerability is an authenticated (Admin+) Stored Cross-Site Scripting flaw in admin settings caused by insufficient input sanitization and output escaping. Successful exploitation enables an attacker with...

CVSS 4.4, AI score 4.6, EPSS 0.00201
Exploits: 0, References: 5
RedhatCVE (added 2025/10/31 10:07 p.m., 5 views)

CVE-2024-14005

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...

CVSS 9.4, AI score 7.6, EPSS 0.03833
Exploits: 0, References: 1
OSV (added 2025/10/31 11:15 a.m., 4 views)

CVE-2025-40603

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions, to view partial user credential data...

CVSS 4.5, AI score 5.8, EPSS 0.0039
Exploits: 0, References: 1
EUVD (added 2025/10/31 12:30 a.m., 4 views)

EUVD-2025-37210

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence (BPI) component. Insufficient validation and sanitization of administrator-controlled BPI configuration parameters, notably bpilogfile and bpiconfigfile, allow an authenticated...

CVSS 9.4, AI score 7.8, EPSS 0.02007
Exploits: 0, References: 4
OSV (added 2025/10/30 10:15 p.m., 3 views)

CVE-2025-34280

Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in...

CVSS 7.2, AI score 6.4
Exploits: 0, References: 3
NVD (added 2025/10/30 10:15 p.m., 15 views)

CVE-2024-14005

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...

CVSS 9.4, EPSS 0.03833
Exploits: 0, References: 3
Vulnrichment (added 2025/10/30 9:43 p.m., 3 views)

CVE-2024-14008 Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard

Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations...

CVSS 9.4, AI score 6.8, EPSS 0.02007
Exploits: 0, References: 3
OSV (added 2025/10/30 7:16 p.m., 3 views)

CVE-2025-63298

A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1.0, affecting the admin/managewebsite.php component. An authenticated user with administrative privileges can leverage this flaw by submitting a specially crafted POST request, enabling the deletion of...

CVSS 8.2, AI score 6, EPSS 0.00433
Exploits: 1, References: 2
CVE (added 2025/10/30 12:00 a.m., 12 views)

CVE-2025-63298

SourceCodester Pet Grooming Management System 1.0 contains a path traversal vulnerability in admin/manage_website.php. An authenticated user with administrative privileges can exploit a crafted POST request to delete arbitrary files on the web server or underlying operating system. The vulnerabil...

CVSS 8.2, AI score 6.6, EPSS 0.00433
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE (added 2025/10/27 1:33 p.m., 7 views)

CVE-2025-4106

An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0...

CVSS 8.9, AI score 6.9, EPSS 0.00293
Exploits: 0, References: 1
Tenable Nessus (added 2025/10/27 12:00 a.m., 3 views)

Linux Distros Unpatched Vulnerability : CVE-2025-57567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory...

CVSS 9.1, AI score 6.7, EPSS 0.00895
Exploits: 0, References: 2
CVE (added 2025/10/24 9:32 p.m., 31 views)

CVE-2025-4106

CVE-2025-4106 is a vulnerability in WatchGuard Fireware OS where an authenticated admin who has access to both the WebUI and the CLI can enable a diagnostic debug shell by uploading a platform/version-specific diagnostic package and executing a leftover diagnostic command. Affected versions are F...

CVSS 8.9, AI score 6.5, EPSS 0.00293
Exploits: 0, References: 1
Vulnrichment (added 2025/10/24 9:32 p.m., 5 views)

CVE-2025-4106 WatchGuard Firebox leftover debug code vulnerability

An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0...

CVSS 8.9, AI score 6.5, EPSS 0.00293
Exploits: 0, References: 1