EUVD-2022-55675

Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting XSS in the update checking feature. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

Siemens SIMATIC Devices Improper Locking (CVE-2024-50210)

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27038)

Vulnerability in Linux kernel: clk: clkcoreget NULL dereference It is possible for clkcoreget to dereference a NULL in the following sequence: clkcoreget ofclkgethwfromclkspec ofclkgethwfromprovider clkgethw clkgethw can return NULL which is dereferenced by clkcoreget at hw-core. Prior to commit...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-43893)

serial: core: vulnerability due to a missing check for uartclk being zero, leading to a potential divide-by-zero error when calling ioctl TIOCSSERIAL with an invalid baudbase. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

RejSCore: Rejection Sampling Core for Multivariate-Based Public Key Cryptography

Post-quantum multivariate public key cryptography MPKC schemes resist quantum threats but require heavy operations, such as rejection sampling, which challenge resource-limited devices. Prior hardware designs have addressed various aspects of MPKC signature generation. However, rejection sampling...

CVE-2025-10701

The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

WordPress plugin Time Clock 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-10701

The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2025-10701

The Time Clock WordPress plugin is affected by CVE-2025-10701: a stored cross-site scripting vulnerability in the data parameter, present in all versions up to 1.3.1 due to insufficient input sanitization/output escaping. Exploitation requires authenticated access with Time Clock user credentials...

CVE-2025-10701 Time Clock – A WordPress Employee & Volunteer Time Clock Plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting

The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

EUVD-2025-35818

The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2025-10701 Time Clock – A WordPress Employee & Volunteer Time Clock Plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting

The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

WordPress All in One Time Clock Lite plugin unsafe direct object reference vulnerability

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports employee/volunteer/contractor punch record management. The WordPress All in One Time Clock Lite plugin suffers from an insecure direct object reference vulnerability that stems from the applicati...

PT-2025-43585

Name of the Vulnerable Software and Affected Versions The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress versions prior to 1.3.2 Description The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping of...

WordPress Time Clock plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability

Authenticated Custom+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Time Clock versions = 1.3.1...

CVE-2025-6833

The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aiotimeclocklitejs' AJAX action due to missing validation on a user controlled key. This makes it...

Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel vulnerabilities (USN-7835-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7835-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

USN-7835-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

USN-7835-2 linux-realtime, linux-realtime-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

USN-7835-2: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...