1037 matches found

RedhatCVE
added 2025/05/23 8:23 a.m. | 3 views

CVE-2024-1679

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template and javascript label fields in all versions up to, and including, 3.4.6 due to insufficient input sanitization and...

CVSS 6.4 | AI score 4.8 | EPSS 0.00412
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 7:23 a.m. | 5 views

CVE-2024-24886

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce Sale Badges allows Stored XSS. This issue affects Product Labels For Woocommerce Sale Badges: from n/a through 1.5.3...

CVSS 5.9 | AI score 6.7 | EPSS 0.00307
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 7:12 a.m. | 12 views

CVE-2024-35675

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS). This issue affects Advanced Woo Labels: from n/a through 1.93...

CVSS 6.5 | AI score 6.4 | EPSS 0.00254
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 6:37 a.m. | 15 views

CVE-2024-43310

Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9...

CVSS 8.8 | AI score 8.7 | EPSS 0.00528
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 4:23 a.m. | 7 views

CVE-2023-48835

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language Labels Export action...

CVSS 8.8 | AI score 7.1 | EPSS 0.01201
Exploits 2

RedhatCVE
added 2025/05/23 2:41 a.m. | 3 views

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

CVSS 6.1 | AI score 6.7 | EPSS 0.00657
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 11:26 p.m. | 6 views

CVE-2022-0399

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the taxcolorsettype parameter before outputting it back in the berocketaplcolorlistener AJAX action's response, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 | AI score 6.7 | EPSS 0.00863
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 7:22 p.m. | 7 views

CVE-2021-24608

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 5.9 | EPSS 0.00654
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 3:18 p.m. | 9 views

CVE-2020-2141

A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add labels in Perforce...

CVSS 4.3 | AI score 6.7 | EPSS 0.00636
Exploits 0

RedhatCVE
added 2025/05/22 10:32 a.m. | 8 views

CVE-2019-14769

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. This iss...

CVSS 6.1 | AI score 6.5 | EPSS 0.00846
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 10:20 a.m. | 7 views

CVE-2019-15583

An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API...

CVSS 7.5 | AI score 6.1 | EPSS 0.01382
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 12:27 a.m. | 6 views

CVE-2012-6565

Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels...

CVSS 3.5 | AI score 5.5 | EPSS 0.00944
Exploits 0 | References 1

OSV
added 2025/05/21 5:28 p.m. | 2 views

DRUPAL-CONTRIB-2025-064

This module provides a block to easily display a rendered node. The module doesn't check access to content before displaying it to a visitor, allowing unauthorized users to retrieve a list of labels of all nodes...

CVSS 5.3 | AI score 6.7 | EPSS 0.00229
Exploits 0 | References 1

OSV
added 2025/05/15 5:45 p.m. | 1 views

SUSE-SU-2025:20328-1 Security update for elemental-operator

This update for elemental-operator fixes the following issues: - Updated to v1.7.2: Updated header year CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs bsc1238700 CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange of...

CVSS 7.5 | AI score 6.7 | EPSS 0.00868
Exploits 2 | References 5

Packet Storm News
added 2025/05/06 12:0 a.m. | 2 views

CodeBC: a More Secure Large Language Model for Smart Contract Code Generation in Blockchain

Large language models (LLMs) excel at generating code from natural language instructions, yet they often lack an understanding of security vulnerabilities. This limitation makes it difficult for LLMs to avoid security risks in generated code, particularly in high-security programming tasks such as...

AI score 7.2
Exploits 0

Packet Storm News
added 2025/04/18 12:0 a.m. | 3 views

Trace Gadgets: Minimizing Code Context for Machine Learning-Based Vulnerability Prediction

As the number of web applications and API endpoints exposed to the Internet continues to grow, so does the number of exploitable vulnerabilities. Manually identifying such vulnerabilities is tedious. Meanwhile, static security scanners tend to produce many false positives. While machine...

AI score 7.4
Exploits 0

IBM Security Bulletins
added 2025/04/15 3:41 a.m. | 44 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary: IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2024-46695 DESCRIPTION: In the Linux kernel, the following vulnerability has been...

CVSS 7.8 | AI score 7.3 | EPSS 0.04063
Exploits 2 | Affected Software 1

Tenable Nessus
added 2025/04/15 12:0 a.m. | 9 views

RHEL 7 : openvswitch (RHSA-2016:0523)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0523 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixe...

CVSS 9.8 | AI score 8.5 | EPSS 0.06228
Exploits 0 | References 4

RedhatCVE
added 2025/04/06 5:29 p.m. | 22 views

CVE-2025-32188

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Stored XSS. This issue affects Advanced Woo Labels: from n/a through = 2.15...

CVSS 6.5 | AI score 7.2 | EPSS 0.00313
Exploits 0 | References 1

NVD
added 2025/04/04 4:15 p.m. | 8 views

CVE-2025-32188

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Stored XSS. This issue affects Advanced Woo Labels: from n/a through = 2.15...

CVSS 6.5 | EPSS 0.00313
Exploits 0 | References 1