1611 matches found
CVE-2025-23488
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abolfazl Sabagh rng-refresh rng-refresh allows Reflected XSS. This issue affects rng-refresh: from n/a through <= 1.0...
CVE-2025-23488 WordPress rng-refresh plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound rng-refresh allows Reflected XSS. This issue affects rng-refresh: from n/a through 1.0...
CVE-2025-23488
CVE-2025-23488 affects the WordPress rng-refresh plugin (versions
WordPress plugin rng-refresh cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
CVE-2024-2321
An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies are not required for API access, potential...
SUSE CVE-2025-21819
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/display: Use HW lock mgr for PSR1" This reverts commit a2b5a9956269 "drm/amd/display: Use HW lock mgr for PSR1" Because it may cause system hang while connect with two edp panel...
Incorrect Authorization
Overview: org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization that allows an attacker in...
Incorrect Authorization
Overview: org.wso2.am:am-parent is a WSO2 API Manager - Aggregator Module. Affected versions of this package are vulnerable to Incorrect Authorization that allows an attacker in possession of a valid admin refresh token to gain unauthorized access to API resources by using a refresh token instead o...
GHSA-6QJP-WM6G-M32R WSO2 incorrect authorization vulnerability
An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies are not required for API access, potential...
WSO2 incorrect authorization vulnerability
An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies are not required for API access, potential...
CVE-2024-2321
An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies are not required for API access, potential...
CVE-2024-2321 Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token
An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies are not required for API access, potential...
CVE-2024-2321
WSO2 CVE-2024-2321 involves an incorrect authorization vulnerability across multiple WSO2 products that allows API access using a refresh token instead of an access token due to inadequate authorization checks and token mapping. Connected sources corroborate the issue and note that exploitation r...
PT-2025-8912 · Wso2 · Wso2
Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: An issue exists where protected APIs can be accessed directly using a refresh token instead of the expected access token, due to improper authorization checks and token mapping. This...
WSO2 API Manager and WSO2 Identity Server security vulnerability
WSO2 API Manager and WSO2 Identity Server IS are both products of WSO2, Inc. WSO2 API Manager is an API lifecycle management solution. WSO2 Identity Server is an identity server. A security vulnerability exists in WSO2 API Manager and WSO2 Identity Server that stems from improper authorization...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a management frame refresh failure due to a deadlock in ath11k...
Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 40 bsc1236470: CVE-2025-21502: unauthenticated attacker can obtain unauthorized read and write access to data through the Hotspot component API bsc1236278. Patch Instructions: To install this SU...