
12962 matches found

Cvelist
added 2025/12/27 12:4 a.m., 16 views

CVE-2025-68927 Improper Neutralization of HTML Tags in a Web Page in libredesk

Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...

8.6 CVSS, 0.0003 EPSS
Exploits: 1, References: 2
CNNVD
added 2025/12/27 12:0 a.m., 1 views

Libredesk cross-site scripting vulnerability

Libredesk is a user support platform by the individual developer Abhinav Raut. A cross-site scripting vulnerability exists in versions prior to Libredesk 0.8.6-beta, which stems from a stored HTML injection issue in the contact notes feature that could lead to phishing and CSRF attacks...

8.6 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2025/12/27 12:0 a.m., 3 views

PT-2025-53612

Name of the Vulnerable Software and Affected Versions Libredesk versions prior to 0.8.6-beta Description Libredesk is a self-hosted customer support desk application. A stored HTML injection issue exists in the contact notes feature. When adding notes through the POST /api/v1/contacts/id/notes...

8.6 CVSS, 6.7 AI score, 0.0003 EPSS
Exploits: 1, References: 6
RedhatCVE
added 2025/12/25 5:25 a.m., 4 views

CVE-2025-13773

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerceDeliveryNotes::update' function. This is due to missing capability check in the 'WooCommerceDeliveryNotes::update' functio...

9.8 CVSS, 6.9 AI score, 0.07825 EPSS
Exploits: 0, References: 1
Fedora
added 2025/12/25 1:8 a.m., 7 views

[SECURITY] Fedora 42 Update: retroarch-1.22.0-1.fc42

libretro is an API that exposes generic audio/video/input callbacks. A frontend for libretro such as RetroArch handles video output, audio output, input and application lifecycle. A libretro core written in portable C or C++ can run seamlessly on many platforms with very little to no porting...

7.8 CVSS, 6.9 AI score, 0.00459 EPSS
Exploits: 15
Patchstack
added 2025/12/24 7:3 a.m., 6 views

WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.8.0 - Unauthenticated Remote Code Execution vulnerability

Unauthenticated Remote Code Execution vulnerability discovered by WordFence in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions <= 5.8.0...

9.8 CVSS, 7.2 AI score, 0.07825 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2025/12/24 5:16 a.m., 1 views

CVE-2025-13773

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerceDeliveryNotes::update' function. This is due to missing capability check in the 'WooCommerceDeliveryNotes::update' functio...

9.8 CVSS, 0.07825 EPSS
Exploits: 0, References: 7
Vulnrichment
added 2025/12/24 4:32 a.m., 2 views

CVE-2025-13773 Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Unauthenticated Remote Code Execution

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerceDeliveryNotes::update' function. This is due to missing capability check in the 'WooCommerceDeliveryNotes::update' functio...

9.8 CVSS, 6.5 AI score, 0.07825 EPSS
Exploits: 0, References: 7
CVE
added 2025/12/24 4:32 a.m., 14 views

CVE-2025-13773

CVE-2025-13773 affects Print Invoice & Delivery Notes for WooCommerce (WordPress). Unauthenticated RCE via WooCommerce_Delivery_Notes::update in versions up to 5.8.0 due to missing capability checks and DOMPDF execution path. Patch status: Patched (Wordfence intel), with the vendor tag indicating...

9.8 CVSS, 6.5 AI score, 0.07825 EPSS
In wild, Exploits: 0, References: 7
Cvelist
added 2025/12/24 4:32 a.m., 17 views

CVE-2025-13773 Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Unauthenticated Remote Code Execution

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerceDeliveryNotes::update' function. This is due to missing capability check in the 'WooCommerceDeliveryNotes::update' functio...

9.8 CVSS, 0.07825 EPSS
Exploits: 0, References: 7
VulnCheck KEV
added 2025/12/24 12:0 a.m., 3 views

VulnCheck KEV: CVE-2025-13773

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerceDeliveryNotes::update' function. This is due to missing capability check in the 'WooCommerceDeliveryNotes::update' functio...

9.8 CVSS, 6.1 AI score, 0.07825 EPSS
In wild, Exploits: 0, References: 2
CNNVD
added 2025/12/24 12:0 a.m., 1 views

WordPress plugin Print Invoice & Delivery Notes for WooCommerce code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code injection...

9.8 CVSS, 8 AI score, 0.07825 EPSS
Exploits: 0, References: 8
OpenVAS
added 2025/12/22 12:0 a.m., 3 views

Fedora: Security Advisory (FEDORA-2025-cd7567466d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 6.5 AI score, 0.00189 EPSS
Exploits: 0, References: 6
OSV
added 2025/12/21 6:7 a.m., 0 views

BELL-CVE-2025-68323 CVE-2025-68323 does not affect BellSoft software

Bulletin has no description...

5.8 AI score, 0.00041 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/20 8:14 p.m., 3 views

CVE-2025-12874

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

6.3 CVSS, 6.9 AI score, 0.0009 EPSS
Exploits: 0, References: 1
EUVD
added 2025/12/19 9:30 p.m., 2 views

EUVD-2025-204611

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

6.3 CVSS, 6.4 AI score, 0.0009 EPSS
Exploits: 0, References: 4
NVD
added 2025/12/19 8:15 p.m., 2 views

CVE-2025-12874

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

6.3 CVSS, 0.0009 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/12/19 7:36 p.m., 2 views

CVE-2025-12874 HTTP Request Smuggling in Quest Coexistence Manager for Notes

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

6.3 CVSS, 6.5 AI score, 0.0009 EPSS
Exploits: 0, References: 2
CVE
added 2025/12/19 7:36 p.m., 7 views

CVE-2025-12874

Quest Coexistence Manager for Notes (Free/Busy Connector modules) contains a HTTP Request/Response Smuggling flaw via Content-Length-Transfer-Encoding (CL.TE). The CVE entry notes the issue affects version 3.8.2045 and may affect other versions; impact includes bypassing access controls, web-cach...

6.3 CVSS, 6.5 AI score, 0.0009 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/12/19 7:36 p.m., 18 views

CVE-2025-12874 HTTP Request Smuggling in Quest Coexistence Manager for Notes

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

6.3 CVSS, 0.0009 EPSS
Exploits: 0, References: 2