Lucene search

222285 matches found

EUVD
added 2025/11/21 6:17 a.m. | 2 views

EUVD-2025-198427

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...

CVSS 5.4 | AI score 5.1 | EPSS 0.00142
Exploits: 0 | References: 5

RedhatCVE
added 2025/11/20 9:36 p.m. | 3 views

CVE-2025-34332

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\F2MAdmin\F2E\AudioCodesfiles\utils\Services. When certain service actions...

CVSS 8.5 | AI score 6.5 | EPSS 0.00178
Exploits: 2 | References: 1

ICS
added 2025/11/20 7:00 a.m. | 5 views

Automated Logic WebCTRL Premium Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to deceive a legitimate user into running malicious scripts or redirecting them to malicious websites. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

AI score 7
Exploits: 0 | References: 13

Positive Technologies
added 2025/11/20 12:00 a.m. | 4 views

PT-2025-47557

Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.5 | EPSS 0.00209
Exploits: 0 | References: 6

NVD
added 2025/11/19 5:15 p.m. | 3 views

CVE-2025-34332

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\F2MAdmin\F2E\AudioCodesfiles\utils\Services. When certain service actions are...

CVSS 8.5 | EPSS 0.00178
Exploits: 2 | References: 4

Cvelist
added 2025/11/19 4:23 p.m. | 11 views

CVE-2025-34332 AudioCodes Fax/IVR Appliance <= 2.6.23 Insecure Service Control Scripts LPE

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\F2MAdmin\F2E\AudioCodesfiles\utils\Services. When certain service actions are...

CVSS 8.5 | EPSS 0.00178
Exploits: 2 | References: 4

CVE
added 2025/11/19 4:23 p.m. | 8 views

CVE-2025-34332

CVE-2025-34332 affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. A web administration component runs Windows service actions via helper batch scripts in C:\F2MAdmin\F2E\AudioCodes_files\utils\Services. When service actions are requested through ajaxPost.php, PH...

CVSS 8.5 | AI score 6.2 | EPSS 0.00178
Exploits: 2 | References: 4 | Affected Software: 2

Vulnrichment
added 2025/11/19 4:23 p.m. | 3 views

CVE-2025-34332 AudioCodes Fax/IVR Appliance <= 2.6.23 Insecure Service Control Scripts LPE

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\F2MAdmin\F2E\AudioCodesfiles\utils\Services. When certain service actions are...

CVSS 8.5 | AI score 6.2 | EPSS 0.00178
Exploits: 2 | References: 4

Positive Technologies
added 2025/11/19 12:00 a.m. | 3 views

PT-2025-47482

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\F2MAdmin\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process runs...

CVSS 8.5 | AI score 7.3 | EPSS 0.00178
Exploits: 2 | References: 5

Positive Technologies
added 2025/11/19 12:00 a.m. | 5 views

PT-2025-47481

Name of the Vulnerable Software and Affected Versions: AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23. Description: The web administration component of the software controls Windows services using batch scripts located under C:\F2MAdmin\F2E\AudioCodes...

CVSS 8.5 | AI score 6.5 | EPSS 0.00178
Exploits: 2 | References: 8

Tenable Nessus
added 2025/11/19 12:00 a.m. | 3 views

AlmaLinux 9 : redis:7 (ALSA-2025:20955)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:20955 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

CVSS 9.9 | AI score 9.2 | EPSS 0.86268
Exploits: 15 | References: 6

Snyk
added 2025/11/18 11:22 p.m. | 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Changes dialog. An attacker can execute arbitrary scripts in the context of another authenticated user's session by injecting malicious code into page titles or usernames, which is then triggered when...

CVSS 5.4 | AI score 5.4 | EPSS 0.00156
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/18 6:02 p.m. | 4 views

CVE-2025-34323

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...

CVSS 8.5 | AI score 7.1 | EPSS 0.00284
Exploits: 0 | References: 1

EUVD
added 2025/11/18 9:30 a.m. | 3 views

EUVD-2025-197936

The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient input validation on the 'template' parameter in the categoryProductTab function. This makes it possible for authenticated...

CVSS 8.8 | AI score 5.9 | EPSS 0.00286
Exploits: 0 | References: 3

NVD
added 2025/11/18 9:15 a.m. | 6 views

CVE-2025-12404

The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the likeitconf function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1 | EPSS 0.00124
Exploits: 0 | References: 4

NVD
added 2025/11/18 9:15 a.m. | 7 views

CVE-2025-11868

The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the everviz shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a from the type and hash attributes. This makes i...

CVSS 6.4 | EPSS 0.00162
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/18 12:00 a.m. | 4 views

PT-2025-47293

Name of the Vulnerable Software and Affected Versions: versions prior to 2025 affected versions not specified. Description: A remote attacker with low privileges can upload or overwrite Python scripts. This is achieved through a path traversal of the target filename within a PHP context, leading to...

CVSS 8.8 | AI score 7.3 | EPSS 0.00631
Exploits: 0 | References: 5

Tenable Nessus
added 2025/11/18 12:00 a.m. | 3 views

Mozilla Firefox ESR < 60.3

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-27 advisory. - When manipulating user events in nested loops while opening a document through script, it is possible to...

CVSS 9.8 | AI score 8 | EPSS 0.03924
Exploits: 0 | References: 9

EUVD
added 2025/11/17 6:30 p.m. | 4 views

EUVD-2025-197808

Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher nid=18425, 2025-10-10 that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names are not properly...

CVSS 6.1 | AI score 5.7 | EPSS 0.00224
Exploits: 1 | References: 3

Vulnrichment
added 2025/11/17 5:48 p.m. | 3 views

CVE-2025-34323 Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...

CVSS 8.5 | AI score 6.7 | EPSS 0.00284
Exploits: 0 | References: 4