EUVD-2025-93537

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and da...

EUVD-2025-93541

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

CVE-2025-23357

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

CVE-2025-7632

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report...

CVE-2025-7430 Stored XSS

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report...

CVE-2025-7430

Summary: CVE-2025-7430 affects Zohocorp ManageEngine Exchange Reporter Plus. The vulnerability is a Stored XSS in the Folder Message Count and Size report . Affected versions are 5723 and below . The root cause is not explicitly broken out in all sources, but descriptions consistently indicate th...

PT-2025-46369

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron-LM affected versions not specified Description The software contains a flaw in a script that could allow an attacker to inject code by providing malicious data. Exploitation of this issue may result in code execution, privilege...

PT-2025-46318

Name of the Vulnerable Software and Affected Versions Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below Description The software contains a Stored Cross-Site Scripting XSS issue within the Folder Message Count and Size report. This allows for the injection of malicious scripts...

CVE-2025-63420

CrushFTP11 before 11.3.757 is vulnerable to stored HTML injection in the CrushFTP Admin Panel Reports / "Who Created Folder", enabling persistent HTML execution in admin sessions...

CVE-2025-12475

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksynewslettersubscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

CVE-2025-34278 Nagios Network Analyzer < 2024R1 Source Groups / Percentile Calculator Menu Stored XSS

Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting XSS vulnerability in the Source Groups page percentile calculator menu. An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a...

CVE-2025-8432 CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring MBI modules allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15...

Linux Distros Unpatched Vulnerability : CVE-2025-62695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda...

EUVD-2025-35443

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pco58 WC Return products wc-return-product allows Reflected XSS.This issue affects WC Return products: from n/a through = 1.5...

WordPress plugin Simple Stripe Checkout 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

SUSE CVE-2025-23361

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and da...

UBUNTU-CVE-2025-62698

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - ExternalGuidance allows Stored XSS.This issue affects Mediawiki - ExternalGuidance: from master before 1.39...

CVE-2025-8561

The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVE-2025-10557

A stored Cross-site Scripting XSS vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-11628 jimit105 Project-Online-Shopping-Website Product Inventory delete.php sql injection

A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inventory Handler. This manipulation of the argument productcode causes sql injection. It is possible...