319 matches found
Security update for xen
This update for xen fixes the following issues: CVE-2025-58147, CVE-2025-58148: fixed input sanitisation in Viridian hypercalls XSA-475, bsc1251271 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
SUSE-SU-2025:3793-1 Security update for xen
This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: fixed input sanitisation in Viridian hypercalls XSA-475, bsc1251271...
EUVD-2021-11888
Malware in sbrugna...
EUVD-2021-25141
Malware in sbrugna...
EUVD-2020-29296
Malware in sbrugna...
EUVD-2021-11147
Malware in sbrugna...
EUVD-2023-43733
Malicious code in bioql PyPI...
CVE-2025-9697
The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
XAPI UTF-8 string handling
ISSUE DESCRIPTION There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the...
CVE-2023-1596
The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-0603
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2022-1241
The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues...
CVE-2022-3925
The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
CVE-2021-37350
Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation...
CVE-2021-24233
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute...
CVE-2021-24505
The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting XSS vulnerability within the Forms "Add new" field...
CVE-2021-24326
The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting XSS issue as user input was not properly sanitised before being output in an attribute...
CVE-2020-8429
The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs...
CVE-2024-6712
The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
DRUPAL-CONTRIB-2025-029
This module enables you to obfuscate email addresses, to avoid them being easily available to spammers. The module doesn't sufficiently sanitise input when ROT13 encoding is used. This vulnerability is mitigated by the fact that an attacker must have a role with the ability to enter specific HTML...