185 matches found
CVE-2025-59135
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through = 1.7.5...
CVE-2025-59135
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through = 1.7.5...
EUVD-2025-205994
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5...
CVE-2025-59135 WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through = 1.7.5...
CVE-2025-59135 WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through = 1.7.5...
CVE-2025-59135
Technical details for CVE-2025-59135 are not provided in the supplied documents; no affected products, vectors, or remediation are disclosed here. Monitor for updates from official advisories.
CVE-2025-59137
Cross-Site Request Forgery CSRF vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through = 1.7.5...
CVE-2025-59137 WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through = 1.7.5...
WordPress plugin Behance Portfolio Manager 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site reques...
WordPress plugin Behance Portfolio Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...
PT-2025-54414
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5...
WordPress Survey & Poll plugin <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WordPress Survey & Poll versions = 1.7.5...
CVE-2025-64767
hpke-js is a Hybrid Public Key Encryption HPKE module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality...
CVE-2025-64767
hpke-js is a Hybrid Public Key Encryption HPKE module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality...
CVE-2025-64767 hpke-js reuses AEAD nonces
hpke-js is a Hybrid Public Key Encryption HPKE module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality...
CVE-2025-64767
CVE-2025-64767 (hpke-js) affects hpke-js prior to version 1.7.5, where the public SenderContext Seal() API can race and reuse the same AEAD nonce for multiple calls. This nonce reuse can lead to complete loss of confidentiality and integrity of produced messages. The issue is fixed in version 1.7...
CVE-2025-64767 hpke-js reuses AEAD nonces
hpke-js is a Hybrid Public Key Encryption HPKE module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality...
Nonce Reuse
Overview @hpke/core is an A Hybrid Public Key Encryption HPKE core module for various JavaScript runtimes Affected versions of this package are vulnerable to Nonce Reuse via the public SenderContext Seal API. An attacker can compromise the confidentiality and integrity of encrypted messages by...
PT-2025-47653
Name of the Vulnerable Software and Affected Versions hpke-js versions prior to 1.7.5 Description The software contains a race condition in the public SenderContext Seal API. This allows the reuse of the same AEAD nonce for multiple Seal calls, potentially leading to a complete loss of...
EUVD-2025-37309
The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zfgetfilebyurl function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read arbitrary...