1285 matches found
CVE-2025-46491
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Muro Multi-Column Taxonomy List multi-column-taxonomy-list allows Stored XSS. This issue affects Multi-Column Taxonomy List: from n/a through <= 1.5...
CVE-2025-46491 WordPress Multi-Column Taxonomy List plugin <= 1.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Muro Multi-Column Taxonomy List multi-column-taxonomy-list allows Stored XSS. This issue affects Multi-Column Taxonomy List: from n/a through <= 1.5...
CVE-2025-46491
CVE-2025-46491 describes a Stored XSS in the WordPress plugin Multi-Column Taxonomy List caused by improper neutralization of input during web page generation. The vulnerability affects versions up to 1.5 (as reported). The connected documents confirm the XSS type and the affected plugin, but the...
WordPress plugin Multi-Column Taxonomy List cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
DEBIAN-CVE-2025-43963
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...
Security update for expat
This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion bsc1239618 Other fixes: - version update to 2.7.1 jscPED-12500 Bug fixes: 980 989 Restore event pointer...
[SECURITY] Fedora 41 Update: perl-DBIx-Class-EncodedColumn-0.11000-1.fc41
This DBIx::Class component can be used to automatically encode a column's...
SurrealDB has local file read of 2-column TSV files via analyzers
An authenticated system user at the root, namespace, or database levels can use the DEFINE ANALYZER statement to point to arbitrary file locations on the file system, and should the file be tab separated with two columns, the analyzer can be leveraged to exfiltrate the content. This issue was...
GHSA-2CVJ-G5R5-JRRG SurrealDB has local file read of 2-column TSV files via analyzers
An authenticated system user at the root, namespace, or database levels can use the DEFINE ANALYZER statement to point to arbitrary file locations on the file system, and should the file be tab separated with two columns, the analyzer can be leveraged to exfiltrate the content. This issue was...
The vulnerability of the dfe_inx_op_col_def_table component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the dfe_inx_op_col_def_table component in the Virtuoso-OpenSource web application development platform is related to the improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause service interruptions by sending...
DEBIAN-CVE-2025-27552
DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...
CVE-2025-27552
CVE-2025-27552 affects the Perl DBIx::Class::EncodedColumn component, where the salting of password hashes uses the non-cryptographically secure rand() function in Crypt/Eksblowfish/Bcrypt.pm. The issue impacts DBIx::Class::EncodedColumn up to version 0.00032. According to the connected documents...
WordPress Plugins Last Updated Column plugin <= 0.1.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Plugins Last Updated Column versions <= 0.1.3...
CVE-2025-28887
CVE-2025-28887 describes a Cross-Site Request Forgery (CSRF) vulnerability in WordPress plugin Plugins Last Updated Column (Last Updated Column) affecting versions up to and including 0.1.3. The issue is reported by multiple sources (NVD, CVE list, Patchstack) with a CVSS v3.1 base score of 4.3 ...
CVE-2025-28887 WordPress Plugins Last Updated Column plugin <= 0.1.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column plugins-last-updated-column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through <= 0.1.3...
MENNEKES Charging column Smart security vulnerability
MENNEKES Charging column Smart is a smart charging column from MENNEKES. A security vulnerability exists in MENNEKES Charging column Smart versions prior to 2.15, which originates from the ability to read arbitrary files...
CVE-2024-51962
A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify Column properties allowing for the execution of a SQL Injection by a remote authenticated user with elevated non admin privileges. There is a high impact to integrity and confidentiality and no impact to availabilit...
CVE-2024-51962
A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that could lead to SQL injection when performed by a remote authenticated user requiring elevated, non‑administrative privileges. Exploitation is restricted to users with advanced...