4319 matches found
CVE-2025-27289
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Guillien Restrict Taxonomies restrict-taxonomies allows Reflected XSS. This issue affects Restrict Taxonomies: from n/a through <= 1.3.3...
CVE-2025-27289
CVE-2025-27289 refers to an unauthenticated, reflected Cross-Site Scripting vulnerability in the WordPress plugin Restrict Taxonomies (
CVE-2025-27289 WordPress Restrict Taxonomies Plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Guillien Restrict Taxonomies restrict-taxonomies allows Reflected XSS. This issue affects Restrict Taxonomies: from n/a through <= 1.3.3...
WordPress plugin Restrict Taxonomies cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exist...
PT-2025-17178 · Unknown · Fluentcommunity
Name of the Vulnerable Software and Affected Versions: FluentCommunity versions 1.2.15 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This can potentially lead to security breaches. Recommendations: For versions 1.2.15 and earlie...
PT-2025-17056 · Unknown · Antoine Guillien Restrict Taxonomies
Name of the Vulnerable Software and Affected Versions: Antoine Guillien Restrict Taxonomies versions 1.3.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potenti...
WordPress plugin Restrict User Registration cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-16348
Name of the Vulnerable Software and Affected Versions: Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 version 1.0.15 Description: A command injection issue was discovered in the Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3, specifically via partition in the...
PT-2025-16281 · Veritas +1 · Vault Enterprise +1
Name of the Vulnerable Software and Affected Versions: Arctera eDiscovery Platform versions prior to 10.3.2 Description: The issue concerns the Arctera eDiscovery Platform, where a cleartext password is placed on a command line in EVSearcher when the Enterprise Vault Collection Module is used...
KubeFence: Security Hardening of the Kubernetes Attack Surface
Kubernetes (K8s) is widely used to orchestrate containerized applications, including critical services in domains such as finance, healthcare, and government. However, its extensive and feature-rich API interface exposes a broad attack surface, making K8s vulnerable to exploits of software...
PT-2025-16189 · H3C · H3C Magic Be18000 +4
Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014; H3C Magic NX30 Pro versions up to V100R014; H3C Magic NX400 versions up to V100R014; H3C Magic R3010 versions up to V100R014; H3C Magic BE18000 versions up to V100R014 Description: A critical vulnerability...
CVE-2025-0124 PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include syste...
CVE-2025-0124
CVE-2025-0124 (PAN-OS): An authenticated attacker with network access to the PAN-OS management web interface can delete certain files as the "nobody" user (logs/config files; not system files). Affected product: PAN-OS running on Cloud NGFW; not Prisma Access. Root cause: authenticated file delet...
PT-2025-18789 · Wavlink · Wavlink Wl-Wn530Hg4
Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN530H4 version 20220801 Description: The issue is related to a command injection vulnerability in the ping test function of the adm.cgi via the pingIp parameter. This allows attackers to execute arbitrary commands via a crafted...
PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include syste...
PT-2025-20360
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A null pointer dereference issue was found in the Linux kernel's cpufreq subsystem, specifically in the apple-soc driver. The apple_soc_cpufreq_get_rate function does not check if cpufre...
PT-2025-15592
Name of the Vulnerable Software and Affected Versions: Microsoft Office Word (affected versions not specified); Microsoft 365 Apps for Enterprise (affected versions not specified); Microsoft Office (affected versions not specified); Microsoft Office Long Term Servicing Channel affected versions not specifi...
PT-2025-15316 · WordPress · Streamit
Name of the Vulnerable Software and Affected Versions: Streamit theme for WordPress versions prior to 4.0.2 Description: The issue is related to insufficient file validation in the st send download file function, allowing authenticated attackers with subscriber-level access or higher to download...
PT-2025-15219
Name of the Vulnerable Software and Affected Versions: code-projects Patient Record Management System version 1.0 Description: A critical issue has been found in the code-projects Patient Record Management System. This issue affects an unknown part of the file /dental pending.php. The manipulation ...
PT-2025-15278 · Typecho · Typecho
Name of the Vulnerable Software and Affected Versions: Typecho version 1.2.1 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under a comment for an Article. Recommendations: For Typecho...