30 matches found
Xerte Online Toolkits Security Vulnerability
Xerte Online Toolkits is an online learning content creation platform provided by Xerte Ltd. in the UK. Xerte Online Toolkits versions 3.15 and earlier contained a security vulnerability. This vulnerability stemmed from the unvalidated, user-accessible /setup page, which allowed access to the...
CVE-2025-68857
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection. This issue affects Paid Downloads: from n/a through <= 3.15...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002567)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002567 advisory. The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service NULL pointer...
OPENSUSE-SU-2025:15713-1 python315-3.15.0~a1-1.1 on GA media
These are all security issues fixed in the python315-3.15.0~a1-1.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2025-28131
Malicious code in bioql PyPI...
CVE-2025-47792
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rd-party applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...
DEBIAN-CVE-2025-47792
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rd-party applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...
CVE-2025-47792 Nextcloud Desktop 3rd-party applications can create share links via socket API
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rd-party applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...
CVE-2025-47792
Nextcloud Desktop prior to version 3.15 is affected: 3rd-party applications already installed on a user machine can create link shares for nearly all data through the socket API, enabling exfiltration to external services. The vulnerability’s impact is rated high for confidentiality and low for i...
PT-2024-28214 · Artistscope · Artistscope Copysafe Web Protection
Name of the Vulnerable Software and Affected Versions: ArtistScope CopySafe Web Protection versions 3.15 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS...
WordPress CopySafe Web Protection plugin <= 3.15 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin CopySafe Web Protection (versions <= 3.15)...
WordPress CopySafe Web Protection Plugin <= 3.15 is vulnerable to Cross Site Scripting (XSS)
Software: CopySafe Web Protection; Type: Plugin; Vulnerable versions: <= 3.15; Fixed in: 4.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-38781; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: d8ce0e7d373e; Credits: LVT-tholv2k; Required...
WordPress Media Library Assistant Plugin <= 3.15 is vulnerable to SQL Injection
Software: Media Library Assistant; Type: Plugin; Vulnerable versions: <= 3.15; Fixed in: 3.16; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3518; Patch priority: Low; CVSS severity: Low (8.5); PSID: fe78e3bb0aff; Credits: Thanh Nam Tran; Required privilege: Contributo...
WordPress Media Library Assistant Plugin <= 3.15 is vulnerable to Cross Site Scripting (XSS)
Software: Media Library Assistant; Type: Plugin; Vulnerable versions: <= 3.15; Fixed in: 3.16; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3519; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: f2ec0a790f20; Credits: Le Ngoc Anh...
CVE-2024-3519 Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
Open eClass Platform Permissions and Access Control Vulnerability
Open eClass Platform is an integrated course management system for Open eClass. A permissions and access control vulnerability exists in Open eClass Platform version 3.15. An attacker can exploit this vulnerability to execute arbitrary commands...
Bludit Security Breach
Bludit is an open source lightweight blog content management system (CMS). A security vulnerability exists in Bludit CMS version 3.15, which stems from a cross-site scripting (XSS) vulnerability in the file edit-content.php...
GSD-2022-1006031 i2c: cadence: Support PEC for SMBus block read
i2c: cadence: Support PEC for SMBus block read. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.211 by commit...
GSD-2022-1005872 i2c: cadence: Support PEC for SMBus block read
i2c: cadence: Support PEC for SMBus block read. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.137 by commit...