121 matches found
PT-2025-21979 · WordPress · Wpadverts
Name of the Vulnerable Software and Affected Versions: WPAdverts versions through 2.2.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This enables potential attackers to inject...
PT-2025-22000 · Asmedia · Asmedia Tuaug4
Name of the Vulnerable Software and Affected Versions: Asmedia Tuaug4 versions 1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject...
CVE-2025-47931
LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting XSS Vulnerability in the group name parameter of the http://localhost/poller/groups form. This vulnerability allows attackers to inject malicious scripts into web...
PT-2025-21701 · Nasa Core · Nasa Core
Name of the Vulnerable Software and Affected Versions: Nasa Core versions through 6.3.2 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion...
PT-2025-21393 · WordPress · Happyforms
Name of the Vulnerable Software and Affected Versions: Happyforms versions prior to 1.26.3 Description: The issue concerns the Happyforms plugin for WordPress, where certain settings are not properly sanitized and escaped. This could allow high-privilege users, such as administrators, to perform...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21687)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21687 advisory. - In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of...
MediaWiki < 1.39.9, 1.40.x < 1.41.3, 1.42.x < 1.42.2 Information Disclosure Vulnerability - Windows
MediaWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CBL Mariner 2.0 Security Update: kernel (CVE-2025-21761)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21761 advisory. - In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in...
PT-2025-18157
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 138 Thunderbird versions prior to 138 Description A security issue in Firefox and Thunderbird allows malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that has invoked t...
PT-2025-17818 · Unknown · Shamim Hasan Custom Functions Plugin
Name of the Vulnerable Software and Affected Versions: Shamim Hasan Custom Functions Plugin versions 1.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. Recommendations: For Shamim Hasan Custom Functions Plugin versions 1.1 and earlier...
Tenable Nessus Privilege Escalation Vulnerability (TNS-2025-05)
Tenable Nessus is prone to a local privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2025-16422
Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 Description The issue allows a low-privileged attacker with network access via multiple protocols to compromise MySQ...
PT-2025-16362 · Openrazer +1 · Openrazer +1
Name of the Vulnerable Software and Affected Versions: OpenRazer versions prior to 3.10.2 Description: The issue allows an attacker to cause the custom kernel driver to read more bytes than provided by user space by writing specially crafted data to the matrix custom frame file. This data will be...
PT-2025-15597 · Otwthemes · Otwthemes Widgetize Pages Light
Name of the Vulnerable Software and Affected Versions: OTWthemes Widgetize Pages Light versions n/a through 3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...
PT-2025-15469 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla versions up to 4.4.12 and 5.2.5 Description: The issue is related to insufficient state checks, which create a vector allowing attackers to bypass 2FA checks. This leads to improper authentication. Recommendations: For Joomla versions ...
PT-2025-15293 · Unknown · Apollo-Compiler
Name of the Vulnerable Software and Affected Versions: apollo-compiler versions prior to 1.27.0 Description: The issue concerns a query-based compiler for the GraphQL query language. Prior to version 1.27.0, a vulnerability allowed queries with deeply nested and reused named fragments to be...
PT-2025-14984 · Woocommerce · Ni Woocommerce Cost Of Goods
Name of the Vulnerable Software and Affected Versions: Anzar Ahmed Ni WooCommerce Cost Of Goods versions 3.2.8 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS attacks. This means that an attacker can inject...
PT-2025-14182 · Publitio · Publitio
Name of the Vulnerable Software and Affected Versions: Publitio versions 2.1.8 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For Publitio versions 2.1...
CBL Mariner 2.0 Security Update: php (CVE-2025-1217)
The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1217 advisory. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when...
PT-2025-13864 · Drupal · Drupal Two-Factor Authentication
Name of the Vulnerable Software and Affected Versions: Drupal Two-factor Authentication TFA versions 0.0.0 through 1.10.0 Description: The issue is related to an Incorrect Authorization vulnerability in the Drupal Two-factor Authentication TFA module, allowing Forceful Browsing. Recommendations:...