ALSA-2025:20181 Important: pam security update
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: linux-pam: Linux-pam directory Traversal (CVE-2025-6020). For more details about the security issues, including the impact, a CVSS...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /ordernotes via the id parameter...
Important: kernel-livepatch-6.12.48-67.114
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (CVE-2025-39955) Affected Packages: kernel-livepatch-6.12.48-67.114 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Fedora: Security Advisory (FEDORA-2025-66fb3fa6b0)
The remote host is missing an update for the...
CVE-2025-12498
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
Fedora 42 : dotnet9.0 (2025-e9c0b9e1b4)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e9c0b9e1b4 advisory. This is the October 2025 release of .NET 9, updating the SDK to version 9.0.111 and runtime to version 9.0.10. Release Notes: - SDK:...
CVE-2025-12862
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploi...
EUVD-2025-38365
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
CVE-2025-12527
The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydevnotessavedashboarddata' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12498
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
CVE-2025-12498 EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
CVE-2025-12498
CVE-2025-12498 affects the WordPress plugin EventPrime – Events Calendar, Bookings and Tickets. The issue is a missing capability check in the booking_add_notes function across versions up to and including 4.2.0.0, allowing authenticated users with Subscriber-level access or higher to create note...
CVE-2025-12498 EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
CVE-2025-63640
Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes Optional" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser up...
WordPress plugin EventPrime security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-45556
Name of the Vulnerable Software and Affected Versions: EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to and including 4.2.0.0. Description: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is susceptible to unauthorized booking note...
EUVD-2025-38300
Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes Optional" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser up...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /ordernotes via the id parameter...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /ordernotes via the id parameter...
CVE-2025-63640
Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes Optional" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser up...