
17 matches found

RedhatCVE
added 2026/02/21 7:30 p.m. · 4 views

CVE-2025-69324

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS. This issue affects NEX-Forms: from n/a through = 9.1.7...

7.1 CVSS · 5.5 AI score · 0.00045 EPSS
Exploits: 0 · References: 1
CNNVD
added 2026/02/20 12:0 a.m. · 4 views

WordPress plugin NEX-Forms security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1 CVSS · 5.6 AI score · 0.00045 EPSS
Exploits: 0 · References: 1
IBM Security Bulletins
added 2026/01/30 5:51 a.m. · 9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.25.11.tgz which are vulnerable to CVE-2025-68154.

Summary IBM Maximo Application Suite - Monitor Component uses systeminformation-5.25.11.tgz which are vulnerable to CVE-2025-68154. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-68154 DESCRIPTION: systeminformation is a System...

8.1 CVSS · 6.1 AI score · 0.00048 EPSS
Exploits: 1 · Affected Software: 1
Snyk
added 2025/12/18 11:43 p.m. · 1 views

Incorrect Authorization

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Incorrect Authorization in the live queries. An attacker can access unauthorized data by sending a crafted HTTP request. Remediati...

5.3 CVSS · 6.4 AI score · 0.00031 EPSS
Exploits: 0 · References: 2
vulnersOsv
added 2025/12/15 12:30 p.m. · 3 views

net.sc8s:elastic-testkit_2.13 (>=0.102.0 <=0.108.0), org.elasticsearch.test:framework (>=9.0.0 <=9.1.10) +3 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch (>=9.0.0-beta1 <=9.1.7)

org.elasticsearch:elasticsearch MAVEN version =9.0.0-beta1, =0.102.0, =9.0.0, =9.0.0, =1.7.es904.0, =9.0.0, =9.1.5 Source cves: CVE-2025-37731 Source advisory: OSV:GHSA-M9GH-789G-Q5PV...

7.4 CVSS · 5.8 AI score · 0.00038 EPSS
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-22136

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00602 EPSS
Exploits: 1 · References: 2
RedhatCVE
added 2025/08/07 12:31 a.m. · 5 views

CVE-2025-52892

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes e.g https://domain//Admin and the webserver does not strip the double slash, it can cause ...

6.5 CVSS · 6.2 AI score · 0.00181 EPSS
Exploits: 0 · References: 1
OSV
added 2025/08/05 12:17 a.m. · 2 views

CVE-2025-52892 EspoCRM is vulnerable to access denial through double slash in URI corrupting router cache

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes e.g https://domain//Admin and the webserver does not strip the double slash, it can cause ...

4.5 CVSS · 6.7 AI score · 0.00181 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2025/07/23 6:24 p.m. · 4 views

CVE-2025-52575

EspoCRM is an Open Source CRM Customer Relationship Management software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard...

6.5 CVSS · 6.7 AI score · 0.00602 EPSS
Exploits: 1 · References: 1
CNNVD
added 2025/06/28 12:0 a.m. · 1 views

IBM Datacap security vulnerability

IBM Datacap is a document capture and processing software from International Business Machines IBM that captures data from various sources e.g., scanner, email, fax, etc. in paper or electronic documents and converts them into editable and searchable digital formats, which are widely used in...

4.3 CVSS · 6.3 AI score · 0.00091 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/11/19 12:0 a.m. · 2 views

PT-2024-9365 · Splunk · Splunk Secure Gateway App +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.2 Splunk Enterprise versions prior to 9.2.4 Splunk Enterprise versions prior to 9.1.7 Splunk Secure Gateway app versions prior to 3.4.261 Splunk Secure Gateway app versions prior to 3.7.13 Description:...

9 CVSS · 7.8 AI score · 0.04099 EPSS
Exploits: 0 · References: 22
Prion
added 2023/02/16 7:15 p.m. · 13 views

Design/Logic Flaw

An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords...

4.3 CVSS · 7.3 AI score · 0.00043 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OpenVAS
added 2022/10/18 12:0 a.m. · 21 views

Grafana Privilege Escalation Vulnerability (GHSA-jv32-5578-pxjc)

Grafana is prone to a privilege escalation vulnerability. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

7.5 CVSS · 7.9 AI score · 0.00378 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2021/04/23 12:0 a.m. · 1 views

PT-2022-8499 · Drupal · Drupal Core

Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 9.1.7 Drupal Core versions prior to 9.0.12 Drupal Core versions prior to 8.9.14 Drupal Core versions prior to 7.80 Description: A Cross-site Scripting XSS issue exists due to the sanitization API's failure to...

6.1 CVSS · 5.7 AI score · 0.00555 EPSS
Exploits: 0 · References: 17
Tenable Nessus
added 2021/04/22 12:0 a.m. · 11 views

Drupal 9.1.x < 9.1.7 Cross-Site Scripting

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.80, 8.9.x prior to 8.9.14, 9.0.x prior to 9.0.12 or 9.1.x prior to 9.1.7. It is, therefore, affected by a Cross-Site Scripting XSS vulnerability due to Drupal core's sanitization AP...

6.2 AI score
Exploits: 0 · References: 2
OpenVAS
added 2021/04/22 12:0 a.m. · 21 views

Drupal 7.x, 8.x, 9.x XSS Vulnerability (SA-CORE-2021-002) - Windows

Drupal is prone to a cross-site scripting XSS vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

6.1 CVSS · 6.1 AI score · 0.00555 EPSS
Exploits: 0 · References: 1
IBM Security Bulletins
added 2020/12/18 5:22 a.m. · 7 views

Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to weak cipher suites by successfully creating SSL connections

Summary AppScan determined that the site uses weak cipher suites by successfully creating SSL connections using each of the weak cipher suites listed here. Vulnerability Details Third Party Entry: PSIRT-ADV0026310 DESCRIPTION: Created from Advisory: ADV0026310 CVSS Base score: 5.9 CVSS Vector:...

1.2 AI score
Exploits: 0 · Affected Software: 1