797 matches found
CVE-2025-9107
Portabilis i-Diario
CVE-2025-9107 Portabilis i-Diario search_autocomplete cross site scripting
A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly...
PT-2025-33636 · Portabilis · I-Diario
Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions up to 1.5.0. Description: A vulnerability exists in Portabilis i-Diario up to version 1.5.0, impacting an unknown function within the /alunos/search_autocomplete file. Manipulation of the q argument can lead to...
MAL-2025-21501 Malicious code in gka-01-bp-address-auto-complete-by-component (npm)
The package gka-01-bp-address-auto-complete-by-component was found to contain malicious code...
CVE-2025-53857
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...
CVE-2025-53857 Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary: Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.3. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP5 where applicable. Multiple Cross-Site Request Forgery vulnerabilities have been addressed: CVE-2020-4301, CVE-2021-20468...
Cross-site Scripting (XSS)
Overview: suitable-django-autocomplete is a suitable Django autocomplete widget using web components. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ModelAutocompleteView class due to insufficient output encoding in the autocomplete functionality. The...
CVE-2025-32918
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...
CVE-2025-53263
Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms (gf-google-address-autocomplete) allows Cross Site Request Forgery. This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through <= 1.3.4...
CVE-2025-53263 WordPress Address Autocomplete via Google for Gravity Forms plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms allows Cross Site Request Forgery. This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through 1.3.4...
CVE-2025-53263
CVE-2025-53263 describes a CSRF vulnerability in the WordPress plugin Address Autocomplete via Google for Gravity Forms (PluginsCafe), affecting versions up to 1.3.4. The issue enables cross-site request forgery with the attack surface exposed over the network and requires user interaction (UI=Re...
PT-2025-27170 · Gravity Forms · Address Autocomplete Via Google For Gravity Forms
Name of the Vulnerable Software and Affected Versions: Address Autocomplete via Google for Gravity Forms versions 1.3.4 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that affects the Address Autocomplete via Google for Gravity Forms plugin. This vulnerabili...
WordPress plugin Address Autocomplete via Google for Gravity Forms cross-site request forgery vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
FreeBSD : webmin -- CGI Command Injection Remote Code Execution (805ad2e0-49da-11f0-87e8-bcaec55be5e5)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 805ad2e0-49da-11f0-87e8-bcaec55be5e5 advisory. Webmin reports: A less-privileged Webmin user can execute commands as root via a vulnerability in the...
CVE-2024-3081
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. T...
CVE-2023-26443
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...