CVE-2025-29925 XWiki allows unregistered users to access private pages information through REST endpoint
XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/wikiName/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent...
PT-2025-28007
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A race condition exists between nfsd registration and exports proc, which can cause a kernel oops. This issue is triggered by a race between the exportfs -r command and the mount -...
PT-2025-7221 · Unknown · Bplugins Timeline Block
Name of the Vulnerable Software and Affected Versions: bPlugins Timeline Block versions n/a through 1.1.1 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
Azure Linux 3.0 Security Update: vim (CVE-2025-22134)
The version of vim installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22134 advisory. - When switching to other buffers using the :all command and visual mode still being active, this may cause a...
PT-2025-2152 · WordPress · Frictionless
Name of the Vulnerable Software and Affected Versions: Frictionless plugin for WordPress versions up to, and including, 0.0.23 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the frictionless form shortcode. This allows...
CVE-2024-54462
The file names constructed within imagepicker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could...
PT-2025-5041 · Unknown · Kiro G. Formatted Post
Name of the Vulnerable Software and Affected Versions: Kiro G. Formatted Post versions n/a through 1.01 Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This means that an attacker can inject...
PT-2025-4213 · Microsoft · Windows Secure Kernel Mode +1
Name of the Vulnerable Software and Affected Versions: Windows Secure Kernel Mode affected versions not specified Description: An elevation-of-privilege issue allows attackers to affect the system. The issue is related to incorrect permission assignment for a critical resource. Technical details...
PT-2025-1969 · WordPress · Adforest
Name of the Vulnerable Software and Affected Versions: AdForest theme for WordPress versions up to and including 5.1.7 Description: The issue concerns unauthorized modification of data due to a missing capability check on several AJAX actions, such as the sb remove ad action. This allows...
PT-2024-35913 · Unknown · Floristpress
Name of the Vulnerable Software and Affected Versions: FloristPress versions 7.3.0 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For FloristPress versions 7.3....
PT-2024-35298 · Templines · Templines Tm Islamic Helper
Name of the Vulnerable Software and Affected Versions: Templines TM Islamic Helper versions 1.0.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This enables malicious script...
PT-2024-16373 · WordPress · Cleantalk
Name of the Vulnerable Software and Affected Versions: Security & Malware scan by CleanTalk plugin for WordPress versions up to, and including, 2.145 Description: The issue is related to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken...
Fedora 37 : libmodsecurity (2022-90453044f3)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-90453044f3 advisory. Update to maintenance release 3.0.8 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
PT-2024-16347 · Kognetiks · Kognetiks Chatbot For Wordpress
Name of the Vulnerable Software and Affected Versions: Kognetiks Chatbot for WordPress plugin versions up to, and including, 2.1.7 Description: The Kognetiks Chatbot for WordPress plugin has a vulnerability that lets users change data without permission due to a missing capability check on the ad...
PT-2024-12196 · Enel X · Waybox Enel X
Name of the Vulnerable Software and Affected Versions: Waybox Enel X versions prior to the latest version Description: Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be...
PT-2024-39317 · WordPress · Suki Sites Import
Name of the Vulnerable Software and Affected Versions: Suki Sites Import plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
PT-2024-39475 · Sendpulse · Sendpulse Free Web Push
Name of the Vulnerable Software and Affected Versions: SendPulse Free Web Push plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to Stored Cross-Site Scripting due to the incorrect use of the wp_kses_allowed_html function. This allows unauthenticated...
SUSE: Security Advisory (SUSE-SU-2024:3523-1)
The remote host is missing an update for the...
Android Automotive OS Update Bulletin—October 2024
The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2024-10-05 or later from the October 2024 Android Security Bulletin in addition to all issues in thi...
PT-2024-39442 · WordPress · Common Tools For Site
Name of the Vulnerable Software and Affected Versions: Common Tools for Site plugin for WordPress versions up to, and including, 1.0.2 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...