121 matches found
PT-2025-28838 · Unknown · Sala - Startup & Saas Wordpress Theme
Name of the Vulnerable Software and Affected Versions: Sala - Startup & SaaS WordPress Theme versions prior to 1.1.5 Description: The issue arises from the theme's failure to properly validate a user's identity before updating their details, such as the password. This allows unauthenticated...
Tenable Nessus Multiple Vulnerabilities (TNS-2025-13)
Tenable Nessus is prone to multiple vulnerabilities in various third-party components libxml2, libxslt. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
PT-2025-27660 · Unknown · Xinference
Name of the Vulnerable Software and Affected Versions: Xinference versions prior to 1.4.0 Description: The issue is related to incorrect access control, allowing attackers to access the Web GUI without authentication. Recommendations: For versions prior to 1.4.0, update to version 1.4.0 or later ...
PT-2025-25678 · Nasa Core · Nasa Core
Name of the Vulnerable Software and Affected Versions: Nasa Core versions through 6.3.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For versions through 6.3.2, update...
QNAP QTS Multiple OpenSSH Vulnerabilities (QSA-25-14)
QNAP QTS is prone to multiple vulnerabilities in OpenSSH. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescriptio...
CVE-2024-37396
A stored cross-site scripting XSS vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the...
CVE-2024-37396
A stored cross-site scripting XSS vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the...
PT-2025-24355 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.3 Description: The issue allows a local attacker to cause apps to crash through type confusion. Recommendations: For versions prior to 5.0.3, update to a version that contains a fix for this issue. At the...
PT-2025-24336 · Unknown · Ltl Freight Quotes – Daylight Edition +2
Name of the Vulnerable Software and Affected Versions: LTL Freight Quotes – Freightview Edition versions 1.0.11 and earlier LTL Freight Quotes – Daylight Edition versions 2.2.6 and earlier LTL Freight Quotes – Day & Ross Edition versions 2.1.10 and earlier Description: The issue is related to...
PT-2025-24172 · WordPress · Wp Wham All Currencies For Woocommerce
Name of the Vulnerable Software and Affected Versions: WP Wham All Currencies for WooCommerce versions n/a through 2.4.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that a...
PT-2025-23944 · Unknown · Bdthemes Element Pack Pro
Name of the Vulnerable Software and Affected Versions: BdThemes Element Pack Pro versions prior to 8.0.0 Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions prior to 8.0.0, upda...
PT-2025-23508 · Sslh +1 · Sslh +1
Name of the Vulnerable Software and Affected Versions: sslh versions prior to 2.2.4 Description: A Use of Out-of-range Pointer Offset issue in sslh leads to denial of service on some architectures. Recommendations: For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue...
CVE-2024-55892
TYPO3 is a free and open source Content Management Framework. Applications that use TYPO3\CMS\Core\Http\Uri to parse externally provided URLs e.g., via a query parameter and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the...
CVE-2023-39342
Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI dangerzone-cli command logs output from the container where the file sanitization takes place, to the user's terminal. Prior to version 0.4.2, if the container is...
CVE-2023-33963
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...
CVE-2023-32310
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...
CVE-2025-3945 Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...
CVE-2025-47291
containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not...
CVE-2025-47941
The TYPO3 CVE-2025-47941 vulnerability affects TYPO3 CMS where the MFA dialog during backend login can be bypassed due to insufficient enforcement of access restrictions on backend routes. Exploitation requires valid backend credentials and MFA can be bypassed after authentication. Affected versi...
PT-2025-22117 · Salesforce · Omnis Studio
Name of the Vulnerable Software and Affected Versions: Salesforce OmniStudio versions prior to Spring 2025 Description: The issue is related to an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio DataMapper, which allows the exposure of encrypted data. Recommendations:...