
482 matches found

CVE
added 2025/12/09 2:14 p.m. | 3 views

CVE-2025-67554

Summary: CVE-2025-67554 is a stored XSS vulnerability in the WordPress plugin

CVSS 5.9 | AI score 5.6 | EPSS 0.00027
Exploits: 0 | References: 1
CVE
added 2025/12/05 9:27 a.m. | 8 views

CVE-2025-13678

CVE-2025-13678 : The Thai Lottery Widget WordPress plugin is vulnerable to authenticated Stored Cross-Site Scripting via the thailottery shortcode in all versions up to and including 2.5 due to insufficient sanitization of width and height attributes. Attackers with Contributor-level access or hi...

CVSS 6.4 | AI score 4.7 | EPSS 0.00031
Exploits: 0 | References: 3
CNNVD
added 2025/12/05 12:0 a.m. | 1 view

WordPress plugin CRM Memberships security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 5.3 | AI score 6.3 | EPSS 0.00106
Exploits: 0 | References: 3
Tenable Nessus
added 2025/12/03 12:0 a.m. | 3 views

SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2025:4264-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4264-1 advisory. - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling...

CVSS 8.7 | AI score 6.4 | EPSS 0.01645
Exploits: 0 | References: 26
EUVD
added 2025/11/28 12:0 a.m. | 2 views

EUVD-2025-199867

app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin...

CVSS 4.1 | AI score 6.3 | EPSS 0.00041
Exploits: 0 | References: 3
Oracle linux
added 2025/11/25 12:0 a.m. | 3 views

mingw-expat security update

2.5.0-1 - Rebase to version 2.5.0 - Fix the following CVEs CVE-2023-52425 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-8176 CVE-2025-59375 - Resolves: RHEL-114628...

CVSS 7.5 | AI score 7 | EPSS 0.02269
Exploits: 3
EUVD
added 2025/11/21 12:29 p.m. | 1 view

EUVD-2025-198458

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS. This issue affects SKT Skill Bar: from n/a through <= 2.5...

CVSS 6.5 | AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 2
Patchstack
added 2025/11/14 3:4 a.m. | 2 views

WordPress SKT Skill Bar plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin SKT Skill Bar versions <= 2.5...

CVSS 6.5 | AI score 6.1 | EPSS 0.00029
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2025/11/13 12:0 a.m. | 2 views

HP Integrated Lights-Out Improper Access Control (CVE-2017-12542)

An authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS 10 | AI score 8.6 | EPSS 0.94254
Exploits: 9 | References: 5
NVD
added 2025/11/12 6:15 p.m. | 2 views

CVE-2025-65001

Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability...

CVSS 8.2 | EPSS 0.00018
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/12 12:0 a.m. | 4 views

PT-2025-46570

Name of the Vulnerable Software and Affected Versions: Booking Calendar | Appointment Booking | Bookit plugin for WordPress versions up to and including 2.5.0. Description: The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is susceptible to unauthorized data modification. This...

CVSS 7.5 | AI score 5.8 | EPSS 0.00119
Exploits: 0 | References: 5
RedhatCVE
added 2025/11/07 5:32 p.m. | 1 view

CVE-2025-62067

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Savory savory. This issue affects Savory: from n/a through <= 2.5...

CVSS 8.1 | AI score 7.1 | EPSS 0.0014
Exploits: 0 | References: 1
EUVD
added 2025/11/06 6:32 p.m. | 4 views

EUVD-2025-38044

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Savory savory. This issue affects Savory: from n/a through <= 2.5...

CVSS 8.1 | AI score 6.6 | EPSS 0.0014
Exploits: 0 | References: 2
NVD
added 2025/11/06 4:15 p.m. | 1 view

CVE-2025-49904

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Reflected XSS. This issue affects Booking and Rental Manager: from n/a through <= 2.5.3...

CVSS 7.1 | EPSS 0.00031
Exploits: 0 | References: 1
NVD
added 2025/11/05 3:15 p.m. | 3 views

CVE-2025-47151

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8 | EPSS 0.00173
Exploits: 1 | References: 2
Vulnrichment
added 2025/11/05 2:56 p.m. | 1 view

CVE-2025-46784

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

CVSS 7.5 | AI score 6.5 | EPSS 0.00149
Exploits: 1 | References: 1
Cvelist
added 2025/11/05 2:56 p.m. | 5 views

CVE-2025-46784

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

CVSS 7.5 | EPSS 0.00149
Exploits: 1 | References: 1
Positive Technologies
added 2025/11/05 12:0 a.m. | 1 view

PT-2025-45109

Name of the Vulnerable Software and Affected Versions: Entr'ouvert Lasso version 2.5.1. Description: A denial of service issue exists in the lasso node init from message with format functionality. A specially crafted SAML response can cause memory depletion, leading to a denial of service. An attack...

CVSS 9.8 | AI score 8.1 | EPSS 0.00174
Exploits: 4 | References: 40
Vulnrichment
added 2025/10/29 6:0 a.m. | 2 views

CVE-2025-9544 Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action installextension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...

AI score 6.3 | EPSS 0.00038
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/23 3:14 p.m. | 1 view

CVE-2025-49956

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anandaraj Balu Fade Slider fade-slider allows Reflected XSS. This issue affects Fade Slider: from n/a through <= 2.5...

CVSS 7.1 | AI score 6.4 | EPSS 0.0003
Exploits: 0 | References: 1