325 matches found
CVE-2025-4369
CVE-2025-4369 refers to the Companion Auto Update WordPress plugin. Wordfence notes a stored cross-site scripting vulnerability via the update_delay_days parameter in all versions up to 3.9.2, exploitable by authenticated attackers with administrator privileges. The issue affects multi-site setup...
WordPress plugin Companion Auto Update cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally...
CVE-2024-0980
The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code...
CVE-2023-5525
The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin...
CVE-2013-5568
The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug ID CSCui33308...
CVE-2019-17435
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installatio...
CVE-2018-20973
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion...
CVE-2015-3612
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page...
PT-2025-22318 · Papin · Companion Auto Update
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There is an issue that is being actively exploited. The estimated number of potentially affected devices worldwide is not available. Details about real-world incidents where this issue was...
CVE-2025-27512 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods
Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...
Citrix Workspace for Mac does not function with background elements are disabled.
Citrix Workspace App for Mac may not function as expected if background elements are disabled. The following errors may be encountered: Users may not be able to add an account. Users may not be able to log in to the Citrix Workspace app. CWA for Mac auto-update may fail. Users may encounter...
PVS SOAP Service Crashes After Running the Auto Update
Provisioning Services Simple Object Access Protocol service crashes after running the Auto Update. The Auto Update feature in Provisioning Services (PVS) allows a master target to receive an update and roll it out to the target devices. The completion is signaled to the Windows Application log by a...
Subhunter - A Fast Subdomain Takeover Tool
Subdomain takeover is a common vulnerability that allows an attacker to gain control over a subdomain of a target domain and redirect users intended for an organization's domain to a website that performs malicious activities, such as phishing campaigns, stealing user cookies, etc. It occurs when...
Security Bulletin: An IBM QRadar SIEM ArielRESTAPI protocol is vulnerable to Improper Validation (177835)
Summary: The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal and is vulnerable to improper validation of input. Vulnerability Details: IBM X-Force ID: 177835. DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtai...
Microsoft Azure Migrate Auto Update < 6.1.294.1008 XSS
The version of Microsoft Azure Migrate installed on the remote Windows host is prior to 6.1.294.1008. It is, therefore, affected by a cross-site scripting vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
Microsoft Azure Appliance Auto Update Installed (Windows)
Binary data microsoftazureapplianceautoupdatewininstalled.nbin...
Microsoft Azure Migrate Auto Update < 6.1.294.1003 RCE
The version of Microsoft Azure Appliance Auto Update, a component of Microsoft Azure Migrate, installed on the remote Windows host is prior to 6.1.294.1003. It is, therefore, affected by an unspecified remote code execution vulnerability. Note that Nessus has not tested for these issues but has...
Security Bulletin: RabbitMQ protocol as used by IBM QRadar SIEM lacks certificate validation (CVE-2023-50949)
Summary: The RabbitMQ protocol used by SOAR integration for IBM QRadar SIEM lacks certificate validation and could potentially enable MITM attacks. Vulnerability Details: CVEID: CVE-2023-50949. DESCRIPTION: IBM QRadar could allow an unauthorized user to perform unauthorized actions due to improper...