6722 matches found
CVE-2025-40780
CVE-2025-40780 concerns BIND, where a weakness in the PRNG can allow an attacker to predict the source port and query ID used by BIND. Connected advisories confirm this affects multiple BIND 9 releases (e.g., 9.16.x, 9.18.x, 9.20.x, 9.21.x) and related package updates. The root cause i...
EUVD-2025-35392
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator (upc-ean-barcode-generator) allows Cross Site Request Forgery. This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2...
EUVD-2025-35516
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kylegetson Shortcode Generator (shortcode-generator) allows Reflected XSS. This issue affects Shortcode Generator: from n/a through <= 1.1...
CVE-2025-49945
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kylegetson Shortcode Generator (shortcode-generator) allows Reflected XSS. This issue affects Shortcode Generator: from n/a through <= 1.1...
CVE-2025-62009
CVE-2025-62009 is a CSRF vulnerability in the WordPress plugin UPC/EAN/GTIN Code Generator (versions
CVE-2025-62009 WordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator (upc-ean-barcode-generator) allows Cross Site Request Forgery. This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2...
CVE-2025-49945
The CVE-2025-49945 entry concerns the WordPress Shortcode Generator plugin (shortcode-generator) with a Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web-page generation. Affected versions are listed as up to 1.1, and the issue is described as Reflected X...
CVE-2025-49945 WordPress Shortcode Generator plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kylegetson Shortcode Generator (shortcode-generator) allows Reflected XSS. This issue affects Shortcode Generator: from n/a through <= 1.1...
WordPress plugin Shortcode Generator cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
ISC BIND 9 security vulnerability
ISC BIND 9 is a Domain Name System software from the ISC organization. ISC BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1, a security...
WordPress plugin UPC/EAN/GTIN Code Generator cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
PT-2025-43415
Name of the Vulnerable Software and Affected Versions: Sakai versions prior to 23.5; Sakai versions prior to 25.0. Description: Sakai is a Collaboration and Learning Environment. The EncryptionUtilityServiceImpl component initialized an AES256TextEncryptor password (serverSecretKey) using...
PT-2025-43206
Name of the Vulnerable Software and Affected Versions: Shortcode Generator versions through 1.1. Description: The software contains a flaw related to improper input handling during web page creation, which allows for Reflected Cross-site Scripting (XSS). This means that malicious code can be injected...
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice
Impact: This vulnerability allows malicious actors to force the application server to send HTTP requests to both external and internal servers. In certain cases, this may lead to access to internal resources such as databases, file systems, or other services that are not supposed to be directly...
Debian dla-4338 : pgagent - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4338 advisory. Debian LTS Advisory DLA-4338-1 https://www.debian.org/lts/security/...
CVE-2025-10041
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_qr_code_to_db function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
EUVD-2025-34561
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_qr_code_to_db function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-10041
The CVE-2025-10041 entry concerns the Flex QR Code Generator WordPress plugin. Affected versions include all up to and including 1.2.5, where missing file type validation in the save_qr_code_to_db() function allows unauthenticated arbitrary file uploads, potentially enabling remote code execution...
CVE-2025-10041 Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_qr_code_to_db function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...