CVE-2024-35592

An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file...

Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software

Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108 , carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace the fake VLA at the end of vbvamousepointershape with a real VLA. Replace the fake VLA at the end of the vbvamousepointershape structure with a real VLA to fix a “memcpy: detected field-spanning write error...

CVE-2025-25079

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Garrett Grimm Simple Select All Text Box simple-select-all-text-box allows Stored XSS.This issue affects Simple Select All Text Box: from n/a through = 3.2...

CVE-2025-25104

Cross-Site Request Forgery CSRF vulnerability in mraliende URL-Preview-Box good-url-preview-box allows Cross Site Request Forgery.This issue affects URL-Preview-Box: from n/a through = 1.20...

CVE-2025-25149

Cross-Site Request Forgery CSRF vulnerability in Danillo Nunes Login-box login-box allows Stored XSS.This issue affects Login-box: from n/a through = 2.0.4...

CVE-2025-22675

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end alert-box-block allows Stored XSS.This issue affects Alert Box Block – Display notice/alerts in the front end: from n/a through =...

CVE-2025-25149

Cross-Site Request Forgery CSRF vulnerability in Danillo Nunes Login-box login-box allows Stored XSS.This issue affects Login-box: from n/a through = 2.0.4...

CVE-2025-25104

Cross-Site Request Forgery CSRF vulnerability in mraliende URL-Preview-Box good-url-preview-box allows Cross Site Request Forgery.This issue affects URL-Preview-Box: from n/a through = 1.20...

CVE-2025-25079

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Garrett Grimm Simple Select All Text Box simple-select-all-text-box allows Stored XSS.This issue affects Simple Select All Text Box: from n/a through = 3.2...

CVE-2025-25149 WordPress Login-box plugin <= 2.0.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Danillo Nunes Login-box allows Stored XSS. This issue affects Login-box: from n/a through 2.0.4...

CVE-2025-25149

CVE-2025-25149 corresponds to a CSRF to Stored XSS vulnerability in the WordPress Login-box plugin (versions

CVE-2025-25149 WordPress Login-box plugin <= 2.0.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Danillo Nunes Login-box login-box allows Stored XSS.This issue affects Login-box: from n/a through = 2.0.4...

CVE-2025-25104 WordPress URL-Preview-Box plugin <= 1.20 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in mraliende URL-Preview-Box good-url-preview-box allows Cross Site Request Forgery.This issue affects URL-Preview-Box: from n/a through = 1.20...

CVE-2025-25104

CVE-2025-25104 affects the WordPress URL-Preview-Box plugin (versions &lt;= 1.20). The vulnerability is a Cross-Site Request Forgery (CSRF) that leads to a Stored Cross-Site Scripting (XSS) condition. According to the provided metrics, the CVSS v3.1 base score is 7.1 (HIGH), with network attack v...

CVE-2025-25104 WordPress URL-Preview-Box plugin <= 1.20 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in mraliende URL-Preview-Box good-url-preview-box allows Cross Site Request Forgery.This issue affects URL-Preview-Box: from n/a through = 1.20...

CVE-2025-25079

CVE-2025-25079 describes a Stored XSS in the WordPress plugin Simple Select All Text Box (versions up to 3.2). The vulnerability arises from improper input neutralization during web page generation, enabling attacker-supplied scripts to be stored and delivered to users. The initial records and co...

WordPress plugin URL-Preview-Box 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

WordPress plugin Simple Select All Text Box 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2025-5958 · Unknown · Danillo Nunes Login-Box

Name of the Vulnerable Software and Affected Versions: Danillo Nunes Login-box versions 2.0.4 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...