3942 matches found
CVE-2025-34266
Advantech WISE-DeviceOn Server versions prior to 5.4 are affected by a stored XSS in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds/edits an AddIns menu entry, the label and path are stored in plugin configuration data and later rendered in the AddIns UI without ...
PT-2025-49287
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...
CVE-2025-66571 UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...
UNA Code Issue Vulnerability
UNA is a suite of full-stack software platforms for building custom community websites, social networks, and collaboration centers from UNA. A code issue vulnerability exists in UNA versions 9.0.0-RC1 through 14.0.0-RC4, which stems from improper handling of the deserialization of the profileid...
CVE-2025-59704
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access to the BIOS menu because it has no password...
CVE-2025-59704
The CVE-2025-59704 entry affects Entrust nShield hardware: Connect XC, 5c, and HSMi up to specific versions (through 13.6.11 and 13.7). The issue is that the BIOS menu is unpassworded, enabling an attacker with physical access to reach BIOS controls. Sources from Red Hat and NVD corroborate the B...
EUVD-2025-199937
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
CVE-2025-13793
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/headermenu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lea...
Ecommerce-Website Code Injection Vulnerability
Ecommerce-Website is a full-fledged e-commerce website by individual developer Winston Dsouza, with an admin panel built using PHP and MySql. A code injection vulnerability exists in Ecommerce-Website, which stems from the incorrect operation of the parameter Error in the file...
Malicious code in @oku-ui/menu (npm)
Source: amazon-inspector c596c8e5c233827737327907a4b122e7fc154c1865ba347b975cd3dda7b591a9 The package @oku-ui/menu was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199479
Malicious code in @oku-ui/menu (npm)...
MAL-2025-191260 Malicious code in @oku-ui/menu (npm)
Source: amazon-inspector c596c8e5c233827737327907a4b122e7fc154c1865ba347b975cd3dda7b591a9 The package @oku-ui/menu was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191158 Malicious code in CodeInKlingon.git-worktree-menu (VSCode:https://open-vsx.org)
Source: google-open-source-security 68ef1fadb311fcf38b0a3d9f7e7845c12f201bfdab9556387e9a8b052cec8ee5 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...
WordPress Restaurant Menu by MotoPress plugin <= 2.4.7 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Restaurant Menu by MotoPress versions <= 2.4.7...
Lexmark Printers Improper Input Validation (CVE-2023-50737)
The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code. Lexmark documentation recommends that access to the SE menu be restricted to trusted personnel.
CLSA-2025-1762362716 freeglut: Fix of 2 CVEs
CVE-2024-24258: fix memory leak in glutAddSubMenu function - CVE-2024-24259: fix memory leak in glutAddMenuEntry function...
CVE-2025-11704
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
CVE-2025-62369 Xibo CMS: Remote Code Execution through module templates
Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System - Add/Edit custom modules and...