CVE-2025-3489 Nababur Simple-User-Management-System register.php cross site scripting
A vulnerability was found in Nababur Simple-User-Management-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument name/username leads to cross site scripting. The attack may be launched...
CVE-2025-31012 WordPress Age Gate plugin <= 3.5.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Phil Age Gate age-gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through <= 3.5.4...
CVE-2025-31012
CVE-2025-31012 describes a Missing Authorization vulnerability in the WordPress plugin “Age Gate,” affecting versions up to 3.5.4. The root cause is missing authorization checks, allowing access to functionality unconstrained by ACLs. The Wordfence vulnerability entry confirms this issue and note...
Containerd Find Exclude Path Detect (Linux)
Binary data containerddetect.nbin...
Pimcore's Admin Classic Bundle allows HTML Injection
Summary: An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. Details: The vulnerability was discovered in the...
GHSA-X82R-6J37-VRGG Pimcore's Admin Classic Bundle allows HTML Injection
Summary: An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. Details: The vulnerability was discovered in the...
CVE-2025-30166
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page...
CVE-2025-30166 Pimcore's Admin Classic Bundle allows HTML Injection
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page...
CVE-2025-30166
CVE-2025-30166 affects Pimcore’s Admin Classic Bundle. An HTML injection vulnerability resides in the /admin/email/send-test-email endpoint’s content parameter, allowing authenticated users with email-sending access to inject HTML into emails, potentially leaking session cookies or altering page ...
Update 23.18 for Microsoft Dynamics 365 Business Central 2023 Release Wave 2 (Application Build 23.18.32409, Platform Build 23.0.32309)
Update 23.18 for Microsoft Dynamics 365 Business Central 2023 Release Wave 2 (Application Build 23.18.32409, Platform Build 23.0.32309). Overview: This update replaces previously released updates. You should always install the latest update. This update also fixes a vulnerability. For more informatio...
PT-2025-15349
Name of the Vulnerable Software and Affected Versions: SMR versions prior to Apr-2025 Release 1 Description: The issue is related to an out-of-bounds read in enrollment with the cdsp frame secfr trustlet. This allows local privileged attackers to read out-of-bounds memory. Recommendations: For...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2025:1149-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1149-1 advisory. - CVE-2024-44192: Fixed unexpected process crash due to processing maliciously crafted web conte...
CVE-2025-3187 PHPGurukul e-Diary Management System login.php sql injection
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument logindetail leads to sql injection. The attack may be launched remotely. The exploit...
CVE-2025-3175
A vulnerability was found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /saveusereditprofile.php. The manipulation of the argument firstName leads to sql injection. The attack may be launched...
CVE-2025-31768
CVE-2025-31768 concerns the WordPress plugin Widget Manager Light (OTWthemes). The vulnerability is described as a Missing Authorization issue that allows accessing functionality not properly constrained by ACLs. Affected versions are Widget Manager Light up to and including 1.18 (n/a through
CVE-2025-2292
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality. This issue affects CompletePBX: through 5.2.35...
Webmin < 2.100 Multiple Vulnerabilities
According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.100. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability exists in the Users Real name parameter. - A Cross-Site Scripting (XSS) vulnerability exists in...
CVE-2025-26056
A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands ...