CVE-2025-15055

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-15055

CVE-2025-15055 : WordPress SlimStat Analytics plugin is vulnerable to unauthenticated Stored Cross-Site Scripting via the notes and resource parameters in versions up to 5.3.4. The flaw arises from insufficient input sanitization and output escaping, enabling an attacker to inject script that exe...

CVE-2025-15055 SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

PT-2026-1766

Name of the Vulnerable Software and Affected Versions SlimStat Analytics plugin for WordPress versions prior to 5.3.5 Description The SlimStat Analytics plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in the...

@directus/release-notes-generator (>=2.0.2 <=2.0.4), @kcconfigs/commitlint (>=0.1.0-beta.0 <=0.2.0) +76 more potentially affected by CVE-2025-69262 via @pnpm/npm-conf (>=3.0.0 <=3.0.1)

@pnpm/npm-conf NPM version =3.0.0, =2.0.2, =0.1.0-beta.0, =1000.3.5, =1000.0.4, =1000.0.4, =1000.0.4, =1000.1.0, =1002.1.1, =1008.0.2, =1016.0.0 and more Source cves: CVE-2025-69262 Source advisory: SNYK:JS-PNPMNPMCONF-14897556...

CVE-1999-0729

Buffer overflow in Lotus Notes LDAP NLDAP allows an attacker to conduct a denial of service through the ldapsearch request...

Medium: containerd

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Medium: nerdctl

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Veeam Agent for Microsoft Windows 13.0.1.120 to 13.0.1.1009 Upgrade Notes

Article Applicability This article documents notable deviations from the standard Veeam Agent for Microsoft Windows upgrade procedure that occur only when upgrading from Veeam Backup & Replication VBR 13.0.1 build 13.0.1.180 to 13.0.1 Patch 1 build 13.0.1.1071. This patch to VBR includes a new...

CVE-2025-62087

Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard wb-sticky-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through = 1.2.4...

PT-2026-25617

Name of the Vulnerable Software and Affected Versions libexif versions through 0.6.25 Description The software contains a flaw in decoding MakerNotes. Specifically, an integer underflow occurs within the exif mnote data get value function when it receives a size of 0, leading to a buffer overwrit...

CVE-2025-62087

Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard wb-sticky-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through = 1.2.4...

EUVD-2025-206007

Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through 1.2.4...

CVE-2025-62087 WordPress Sticky Notes for WP Dashboard plugin <= 1.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard wb-sticky-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through = 1.2.4...

CVE-2025-62087 WordPress Sticky Notes for WP Dashboard plugin <= 1.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard wb-sticky-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through = 1.2.4...

WordPress Sticky Notes for WP Dashboard plugin <= 1.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sticky Notes for WP Dashboard versions = 1.2.4...

College Notes Uploading System Code Issue Vulnerability

College Notes Uploading System is a college notes uploading system. College Notes Uploading System has a code issue vulnerability that stems from an unknown function in the /dashboard/userprofile.php file that mishandles the image parameter. An attacker can exploit this vulnerability to upload...

WordPress plugin Sticky Notes for WP Dashboard 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...

PT-2025-54376

Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through 1.2.4...

College Notes Uploading System /login.php File SQL Injection Vulnerability

College Notes Uploading System is a college notes uploading system. College Notes Uploading System suffers from a SQL injection vulnerability that originates from the mishandling of the User parameter operation by an unknown handler function in the /login.php file. An attacker can use this...