511 matches found
WordPress Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection vulnerability
Cross-Site Request Forgery to Google OAuth Connection vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Foxtool All-in-One versions = 2.5.2...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update
An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...
Serendipity 代码问题漏洞
Serendipity is a PHP-based blogging system by the Serendipity team. The system supports the creation of online journals, blogs, web pages, and more. A code issue vulnerability exists in Serendipity version 2.5.0, which stems from an authenticated administrator being able to upload malicious PHP...
EUVD-2025-202017
Cross-Site Request Forgery CSRF vulnerability in Valerio Monti Auto Alt Text auto-alt-text allows Cross Site Request Forgery.This issue affects Auto Alt Text: from n/a through = 2.5.2...
EUVD-2025-202052
The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trimtext' function in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2025-62866 WordPress Auto Alt Text plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Valerio Monti Auto Alt Text auto-alt-text allows Cross Site Request Forgery.This issue affects Auto Alt Text: from n/a through = 2.5.2...
CVE-2025-67554
Summary: CVE-2025-67554 is a stored XSS vulnerability in the WordPress plugin
CVE-2025-13678
CVE-2025-13678 : The Thai Lottery Widget WordPress plugin is vulnerable to authenticated Stored Cross-Site Scripting via the thailottery shortcode in all versions up to and including 2.5 due to insufficient sanitization of width and height attributes. Attackers with Contributor-level access or hi...
WordPress plugin CRM Memberships 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
SUSE SLED15: libruby2_5-2_5 / ruby2.5 / ruby2.5-devel / ruby2.5-devel-extra / etc (SUSE-SU-2025:4264-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4264-1 advisory. - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling...
EUVD-2025-199867
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin...
mingw-expat security update
2.5.0-1 - Rebase to version 2.5.0 - Fix the following CVEs CVE-2023-52425 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-8176 CVE-2025-59375 - Resolves: RHEL-114628...
EUVD-2025-198458
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through = 2.5...
WordPress SKT Skill Bar plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin SKT Skill Bar versions = 2.5...
HP Integrated Lights-Out Improper Access Control (CVE-2017-12542)
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 iLO 4 version prior to 2.53 was found. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
CVE-2025-65001
Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability...
PT-2025-46570
Name of the Vulnerable Software and Affected Versions Booking Calendar | Appointment Booking | Bookit plugin for WordPress versions up to and including 2.5.0 Description The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is susceptible to unauthorized data modification. This...
CVE-2025-62067
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through = 2.5...
EUVD-2025-38044
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through = 2.5...
CVE-2025-49904
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Reflected XSS.This issue affects Booking and Rental Manager: from n/a through = 2.5.3...