8 matches found
CVE-2025-14370 Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update
The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...
SUSE SLES12 Security Update : regionServiceClientConfigAzure (SUSE-SU-2025:03169-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03169-1 advisory. This update for regionServiceClientConfigAzure contains the following fixes: - Update to version 3.0.0. bsc1246995 - SLE 16 python-requests...
com.github.wmixvideo:nfe (>=3.1.40 <=4.0.41), com.github.zuinnote:hadoopoffice-flinkts_2.11 (=1.7.0) +239 more potentially affected by CVE-2023-44483 via org.apache.santuario:xmlsec (>=3.0.0 <=3.0.2)
org.apache.santuario:xmlsec MAVEN version =3.0.0, =3.1.40, =2022.5.1, =2022.5.1, =2022.5.1, =2022.5.1, =2022.5.1, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.4.0 and more Source cves: CVE-2023-44483 Source advisory: OSV:GHSA-XFRJ-6VVC-3XM2...
Fastify Resource Management Error Vulnerability
Fastify is an OpenJS Foundation open source web framework for Node.js. A resource management error vulnerability exists in Fastify versions v2.14.1 and v3.0.0-rc.4. An attacker can exploit this vulnerability to cause resource exhaustion denial of service...
CVE-2020-8952
Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter...
Apache Pluto Information Disclosure Vulnerability
Apache Pluto is a Portlet container runtime environment from the Apache Software Foundation in the United States. An information disclosure vulnerability exists in the PortletV3AnnotatedDemo Multipart Portlet war file code in Apache Pluto version 3.0.0, which stems from the program's failure to...
LOCKON EC-CUBE Access Privilege Vulnerability (CNVD-2016-02686)
LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON Co. of Japan. The platform supports product login, user evaluation, artwork layout and so on. An access privilege vulnerability exists in LOCKON EC-CUBE versions 3.0.0 through 3.0.9. A remote attacker can exploi...
LOCKON EC-CUBE Cross-Site Request Forgery Vulnerability (CNVD-2016-02684)
LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON Co. of Japan. The platform supports product login, user evaluation, artwork layout and so on. A cross-site request forgery vulnerability exists in LOCKON EC-CUBE versions 3.0.0 through 3.0.9. An attacker can...