CVE-2025-25169 WordPress Authors Autocomplete Meta Box plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rachel Cherry Authors Autocomplete Meta Box authors-autocomplete-meta-box allows Reflected XSS.This issue affects Authors Autocomplete Meta Box: from n/a through = 1.2...

CVE-2025-25169

CVE-2025-25169 affects the WordPress plugin Authors Autocomplete Meta Box (versions

WordPress plugin Authors Autocomplete Meta Box 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

GHSA-43G5-2WR2-Q7VJ MongoDB Shell may be susceptible to Control Character Injection via autocomplete

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...

MongoDB Shell may be susceptible to Control Character Injection via autocomplete

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...

CVE-2025-1691 MongoDB Shell may be susceptible to Control Character Injection via autocomplete

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...

MongoDB Shell may be susceptible to Control Character Injection via autocomplete

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...

PT-2025-8937

Name of the Vulnerable Software and Affected Versions mongosh versions prior to 2.3.9 Description The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature can use the autocompletion feature to input and run obfuscated...

WordPress Authors Autocomplete Meta Box plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Authors Autocomplete Meta Box versions = 1.2...

Malicious code in autocomplete-theme-classic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 451eb3c367c19aa2d0c11a612b877514d92eb231559a3f7fff0e7bd2fc6ecb17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-42250

Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting XSS via /common/autocomplete.php...

CVE-2023-42250

Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting XSS via /common/autocomplete.php...

PT-2025-1476 · Unknown · Selesta Visual Access Manager

The software that is vulnerable is Selesta Visual Access Manager, specifically versions less than 4.42.2. The vulnerability is a Cross Site Scripting XSS vulnerability that can be exploited via the /common/autocomplete.php file. This vulnerability has been assigned the CVE identifier...

webmin -- CGI Command Injection Remote Code Execution

Webmin reports: A less-privileged Webmin user can execute commands as root via a vulnerability in the shell autocomplete feature...

Malicious code in autocomplete-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cd596b11e151bc765536ac31d81e6203896f3f04dbbf52913aa3b6f1fd2c3e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-9009 Malicious code in autocomplete-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cd596b11e151bc765536ac31d81e6203896f3f04dbbf52913aa3b6f1fd2c3e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-45833

Mattermost Mobile Apps versions =2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a...

CVE-2024-45833 Mobile password gets saved in dictionary under conditions

Mattermost Mobile Apps versions =2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a...

CVE-2024-45833

Mattermost Mobile Apps &lt;= 2.18.0 exposes passwords: the login autocomplete is not disabled when the password is typed and the visible password is selected, allowing the password to be saved in SwiftKey’s dictionary when a special character is used and masking is off. Affected: Mattermost Mobil...

CVE-2024-45833 Mobile password gets saved in dictionary under conditions

Mattermost Mobile Apps versions =2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a...