59 matches found

Vulnrichment
added 2025/12/21 3:20 a.m. · 2 views

CVE-2025-13693 Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up to, and including, 3.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4 CVSS · 4.7 AI score · 0.00037 EPSS
Exploits 0 · References 4

Cvelist
added 2025/12/21 3:20 a.m. · 14 views

CVE-2025-13693 Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up to, and including, 3.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4 CVSS · 0.00037 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/15 6:43 a.m. · 2 views

EUVD-2025-34532

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...

6.4 CVSS · 4.7 AI score · 0.00024 EPSS
Exploits 0 · References 3

GithubExploit
added 2025/10/13 4:29 p.m. · 221 views

ULTIMATE-CYBERSECURITY-MASTER-GUIDE

🛡️ ULTIMATE CYBERSECURITY MASTER GUIDE COLLECTION 📊 Comple...

8.3 AI score
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-11071

Malware in sbrugna...

5.4 CVSS · 5.6 AI score · 0.0018 EPSS
Exploits 2 · References 3

GithubExploit
added 2025/09/02 5:40 a.m. · 113 views

custom_pentest_scripts

custompentestscripts This...

7.3 AI score
Exploits 0

RedhatCVE
added 2025/08/22 1:22 p.m. · 2 views

CVE-2025-8453

CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...

8.4 CVSS · 7.7 AI score · 0.00024 EPSS
Exploits 0 · References 1

Cvelist
added 2025/08/20 12:52 p.m. · 6 views

CVE-2025-8453

CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...

8.4 CVSS · 0.00024 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/08/20 12:52 p.m. · 2 views

CVE-2025-8453

CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...

8.4 CVSS · 8.1 AI score · 0.00024 EPSS
Exploits 0 · References 1

CVE
added 2025/08/20 12:52 p.m. · 8 views

CVE-2025-8453

CVE-2025-8453 describes a CWE-269 vulnerability in Schneider Electric Saitel DR RTU (and related RTU products) where a privileged engineer with console access can modify a configuration file used by a root‑level daemon to execute scripts, enabling privilege escalation and potential arbitrary code...

8.4 CVSS · 8.1 AI score · 0.00024 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 3:15 a.m. · 1 view

CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

5.4 CVSS · 7.4 AI score · 0.00828 EPSS
Exploits 0 · References 1

The Hacker News
added 2023/10/13 11:53 a.m. · 50 views

Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration

The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities. The findings come from Kaspersky, which first shed light on the adversary...

7.1 AI score
Exploits 0

Positive Technologies
added 2023/10/06 12:0 a.m. · 2 views

PT-2023-29284 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS version 9.2.1
Description: The issue concerns multiple Cross Site Scripting (XSS) vulnerabilities that allow an attacker to execute arbitrary code via a crafted script. This can be done by exploiting the Header and Footer Tracking...

4.8 CVSS · 5.7 AI score · 0.00233 EPSS
Exploits 2 · References 14

Veracode
added 2023/05/03 1:44 a.m. · 26 views

Arbitrary Code Execution

jena-arq is vulnerable to Arbitrary Code Execution. The vulnerability exists due to the insufficient validation of user scripting queries in the library, which allows an attacker to inject and execute malicious JavaScript via a SPARQL query when invoking custom scripts...

5.4 CVSS · 5.5 AI score · 0.00828 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2023/04/25 7:15 a.m. · 1 view

DEBIAN-CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

5.4 CVSS · 7.3 AI score · 0.00828 EPSS
Exploits 0 · References 1

OSV
added 2023/04/25 7:15 a.m. · 1 view

UBUNTU-CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

5.4 CVSS · 7.1 AI score · 0.00828 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/04/25 12:0 a.m. · 2 views

PT-2023-18612 · Apache +1 · Apache Jena +1

Name of the Vulnerable Software and Affected Versions: Apache Jena versions 3.7.0 through 4.8.0
Description: The issue is related to insufficient checking of user queries and restrictions of called script functions in Apache Jena, allowing a remote user to execute arbitrary javascript via a SPARQ...

8.8 CVSS · 7 AI score · 0.00942 EPSS
Exploits 0 · References 19

Qualys Blog
added 2023/02/22 3:36 a.m. · 156 views

What’s Next After Log4Shell?

How To Deal With the Next Open-Source Vulnerability Using Custom Scripts
A critical vulnerability in Apache’s Log4j Java-based logging utility (CVE-2021-44228) was previously referred to as the “most critical vulnerability of the last decade.” In the wake of Log4Shell exploits, many security...

9.3 CVSS · 9.7 AI score · 0.94358 EPSS
Exploits 341

Qualys Blog
added 2022/05/20 1:0 p.m. · 266 views

Put SecOps in the Driver’s Seat with Custom Assessment and Remediation

When zero-day threats emerge, time is of the essence. Security teams struggle to manage and respond to a range of challenges that often require custom approaches outside of existing vulnerability and security programs. Recently, many companies scrambled to mount their defenses against the Log4She...

9.3 CVSS · 0.1 AI score · 0.94358 EPSS
Exploits 341

CNVD
added 2022/04/20 12:0 a.m. · 34 views

ZOHO ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CNVD-2022-55220)

ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud applications from ZOHO, Inc. version 6122, a remote code execution vulnerability exists that can be exploited by remote and partially authenticated...

7.1 CVSS · 5.8 AI score · 0.90376 EPSS
Exploits 4