64 matches found
CVE-2025-48879
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...
CVE-2024-24836
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS. This issue affects GDPR Data Request Form: from n/a through 1.6...
Aim allows denial of service due to no timeouts for some tracking server endpoints
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue...
CVE-2025-22208 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature...
CVE-2025-22208
CVE-2025-22208 affects the Joomla JS Jobs plugin (versions 1.1.5–1.4.3). The vulnerability is a SQL injection in the GDPR Erase Data Request search, exploitable by authenticated administrators via the filter_email parameter. Underlying cause is improper input handling in the SQL query used for th...
Debian dla-3900 : ruby-httparty - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3900 advisory. Debian LTS Advisory DLA-3900-1 https://www.debian.org/lts/security/...
UBUNTU-CVE-2023-52877
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() It is possible that typec_register_partner() returns ERR_PTR on failure. When port->partner is an error, a NULL pointer dereference may occur as shown below. 91222.095236 T31...
Complianz – GDPR/CCPA Cookie Consent < 7.0.0 - Cross-Site Request Forgery to Data Request Deletion
Description: The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for...
Vulnerabilities of the functions smb2_get_ksmbd_tcon() and smb2_check_user_session() in Linux operating system kernels, allowing attackers to enhance their privileges
The vulnerabilities of the functions smb2_get_ksmbd_tcon() and smb2_check_user_session() in Linux operating systems are related to improper elimination of special elements in the data request logic when processing parameters like id and tree id. Exploiting these vulnerabilities can allow a remote attacker ...
PT-2024-3864 · Sap · Sap Fiori App
Name of the Vulnerable Software and Affected Versions: SAP Fiori app My Overtime Request version 605 Description: The issue is related to the absence of necessary authorization checks for authenticated users, which may lead to an escalation of privileges. It is possible to manipulate the URLs of...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS. This issue affects GDPR Data Request Form: from n/a through 1.6...
CVE-2024-24836 WordPress GDPR Data Request Form Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS. This issue affects GDPR Data Request Form: from n/a through 1.6...
CVE-2024-24836
CVE-2024-24836 is a stored XSS vulnerability in the Audrasjb GDPR Data Request Form WordPress plugin, affecting versions up to 1.6. The root cause is improper input neutralization during web page generation, enabling insertion of malicious scripts that are stored and later rendered to users. Mult...
WordPress Plugin GDPR Data Request Form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2024-20603 · Unknown · Audrasjb Gdpr Data Request Form
Name of the Vulnerable Software and Affected Versions: Audrasjb GDPR Data Request Form versions n/a through 1.6 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This means that an attacker can inject...
GDPR Data Request Form < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The GDPR Data Request Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formid parameter in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress GDPR Data Request Form Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software: GDPR Data Request Form; Type: Plugin; Vulnerable versions: <= 1.6; Fixed in: 1.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24836; Patch priority: Low; CVSS severity: Low (6.5); PSID: 7fd021f643aa; Credits: Ngô Thiên An (ancorn) from VNPT-VCI...
MyBB Export User 2.0 Cross Site Scripting
Exploit Title: MyBB Export User Plugin 2.0 – Cross-Site Scripting Date: January 29, 2021 Author: 0xB9 Twitter: @0xB9sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1408 Version: 2.0 Tested On: Windows 10 CVE: CVE-2023-27890 Description: This plugin allows users to request...