
28695 matches found

CVE
added 2025/09/26 6:43 a.m., 16 views

CVE-2025-10490

CVE-2025-10490 affects Zephyr Project Manager, a WordPress plugin. A Stored XSS flaw exists in admin settings across all versions up to 3.3.202, exploitable by authenticated administrators (and above) on multi-site setups with unfiltered_html disabled. Impact is arbitrary script injection that ex...

4.4 CVSS | 4.7 AI score | 0.00182 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/09/26 6:43 a.m., 7 views

CVE-2025-10490 Zephyr Project Manager <= 3.3.202 - Authenticated (Admin+) Stored Cross-Site Scripting

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.202 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4 CVSS | 0.00182 EPSS
Exploits: 0 | References: 2
Circl
added 2025/09/26 5:0 a.m., 4 views

CVE-2016-9904

creationtimestamp | type | source
---|---|---
2025-09-26 05:00:00+00:00 | seen | https://projectzero.google/2025/09/pointer-leaks-through-pointer-keyed.html
2025-09-26 15:00:00+00:00 | seen | https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html
...

7.5 CVSS | 8.8 AI score | 0.02753 EPSS
Exploits: 0 | References: 2
Circl
added 2025/09/26 5:0 a.m., 4 views

CVE-2017-5378

creationtimestamp | type | source
---|---|---
2025-09-26 05:00:00+00:00 | seen | https://projectzero.google/2025/09/pointer-leaks-through-pointer-keyed.html
2025-09-26 15:00:00+00:00 | seen | https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html
...

7.5 CVSS | 8.6 AI score | 0.03399 EPSS
Exploits: 1 | References: 2
Fedora
added 2025/09/26 1:10 a.m., 5 views

[SECURITY] Fedora 42 Update: trustee-guest-components-0.13.0-3.fc42

Running in a confidential VM, gather confidential-computing evidence, send it to Trustee and get secrets. A part of the confidential-containers project...

6.5 CVSS | 6.9 AI score | 0.00443 EPSS
Exploits: 0
Patchstack
added 2025/09/26 12:2 a.m., 3 views

WordPress Zephyr Project Manager plugin <= 3.3.202 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Zephyr Project Manager versions <= 3.3.202...

4.4 CVSS | 5.5 AI score | 0.00182 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/09/26 12:0 a.m., 2 views

PT-2025-39518

Name of the Vulnerable Software and Affected Versions: Zephyr Project Manager plugin for WordPress versions prior to 3.3.203. Description: The Zephyr Project Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output...

4.4 CVSS | 5.2 AI score | 0.00182 EPSS
Exploits: 0 | References: 6
CNNVD
added 2025/09/26 12:0 a.m., 1 views

WordPress plugin Zephyr Project Manager cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripti...

4.4 CVSS | 5.8 AI score | 0.00182 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/09/26 12:0 a.m., 2 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE and EE versions 17.10 up to and...

6.5 CVSS | 6.5 AI score | 0.00228 EPSS
Exploits: 0 | References: 4
CNNVD
added 2025/09/26 12:0 a.m., 2 views

GitLab Enterprise Edition security vulnerability

GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions 16.6 through 18.2.7 prior, 18.3 through 18.3.3 prior, and 18.4 through 18.4.1 prior, which stems from the ability of a project...

7.2 CVSS | 6.4 AI score | 0.00352 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/09/25 5:47 p.m., 6 views

CVE-2025-48867

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

4.8 CVSS | 5.7 AI score | 0.00223 EPSS
Exploits: 1 | References: 1
Snyk
added 2025/09/25 4:39 p.m., 1 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...

9.9 CVSS | 8.1 AI score | 0.00477 EPSS
Exploits: 0 | References: 3
Snyk
added 2025/09/25 4:39 p.m., 1 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...

9.9 CVSS | 8.1 AI score | 0.00477 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/09/25 2:54 p.m., 5 views

CVE-2025-48868

Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python's eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

7.2 CVSS | 8.8 AI score | 0.02327 EPSS
Exploits: 3 | References: 1
NVD
added 2025/09/25 1:15 p.m., 3 views

CVE-2025-10946

A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results in cross site scripting. Remote exploitation of the attack is possible. This product...

5.1 CVSS | 0.00233 EPSS
Exploits: 0 | References: 4
CNNVD
added 2025/09/25 12:0 a.m., 3 views

Libxslt security vulnerability

Libxslt is an open source XSLT C library developed for the GNOME project. A security vulnerability exists in Libxslt that stems from a use-after-free issue when parsing xsl nodes, which could lead to dereferencing of expired pointers and application crashes...

5.5 CVSS | 6.3 AI score | 0.00142 EPSS
Exploits: 0 | References: 5
CNVD
added 2025/09/25 12:0 a.m., 3 views

Car Rental Project carrental/search.php file cross-site scripting vulnerability

Car Rental Project is a car rental program. Car Rental Project suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter autofocus in the file /carrental/search.php, which can be exploited by an attacker t...

6.1 CVSS | 4.9 AI score | 0.00412 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2025/09/25 12:0 a.m., 2 views

PT-2025-39626

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.10 through 18.2.6; GitLab CE/EE versions 18.3 through 18.3.2; GitLab CE/EE versions 18.4 through 18.4.0. Description: An issue exists in GitLab CE/EE that could allow an authenticated user to gain unauthorized access to...

6.8 CVSS | 6.6 AI score | 0.00228 EPSS
Exploits: 0 | References: 11
FreeBSD
added 2025/09/25 12:0 a.m., 9 views

Gitlab -- Vulnerabilities

Gitlab reports: Denial of Service issue when uploading specifically crafted JSON files impacts GitLab CE/EE; Denial of Service issue bypassing query complexity limits impacts GitLab CE/EE; Information disclosure issue in virtual registry configuration for low privileged users impacts GitLab CE/EE...

8.8 CVSS | 6.6 AI score | 0.00573 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/24 6:32 p.m., 2 views

CVE-2025-58269

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through = 2.6.25...

5.3 CVSS | 5.9 AI score | 0.0027 EPSS
Exploits: 0 | References: 1