17 matches found
CVE-2026-57379 WordPress FormyChat plugin <= 2.15.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through = 2.15.3...
CLEANSTART-2026-PE63912 Security fixes for CVE-2021-3538, CVE-2025-29923, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x applied in versions: 2.14.2-r0, 2.14.2-r1, 2.15.0-r0, 2.15.0-r1
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-13596 Improper Error Handling Leading to Sensitive Information Disclosure in CIGES ≤ 2.15.6
A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...
CVE-2025-47650
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Infility Infility Global infility-global allows Path Traversal.This issue affects Infility Global: from n/a through = 2.15.06...
XWiki Contrib Mocca Calendar Application 跨站脚本漏洞
XWiki Contrib Mocca Calendar Application is an open source XWiki plugin for XWiki Contrib. A cross-site scripting vulnerability exists in XWiki Contrib Mocca Calendar Application versions prior to 2.15, which stems from cross-site scripting in the title of the View Events page...
XWiki Contrib Mocca Calendar Application 跨站脚本漏洞
XWiki Contrib Mocca Calendar Application is an open source XWiki plugin for XWiki Contrib. A cross-site scripting vulnerability exists in XWiki Contrib Mocca Calendar Application versions prior to 2.15, which stems from cross-site scripting in the background or text color fields...
ARM SCP-Firmware 安全漏洞
ARM SCP-Firmware is a firmware driver from ARM UK. A security vulnerability exists in ARM SCP-Firmware version 2.15.0 and earlier, which stems from a specially crafted SCMI message that causes the SCP to experience a Usage Fault and crash...
PT-2025-1703
Name of the Vulnerable Software and Affected Versions SCP-Firmware versions up to and including 2.15.0 Description Specifically crafted SCMI messages sent to an SCP may lead to a Usage Fault and crash the SCP. Recommendations For SCP-Firmware versions up to and including 2.15.0, consider...
WordPress Tourfic plugin <= 2.15.3 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by Thái An Thái An in WordPress Plugin Tourfic versions = 2.15.3...
WordPress Crypto plugin <= 2.15 - Cross-Site Request Forgery to Authentication Bypass vulnerability
Cross-Site Request Forgery to Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin Crypto versions = 2.15...
DEBIAN-CVE-2024-33602
nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerabili...
glibc 安全漏洞
glibc GNU C Library is the C standard library implemented by the GNU Project. A security vulnerability exists in glibc version 2.15, which stems from a potential stack-based buffer overflow if the fixed-size cache of the Name Service Cache Daemon nscd is exhausted...
CVE-2024-1396
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Vulnerability fixed in Apache Log4j2
A serious vulnerability has been fixed in Apache Log4j, a java log tool used by many Web applications and services. The vulnerability makes it possible for an unauthenticated remote malicious person to execute arbitrary code with the permissions of the Web server. Because Web servers generally ru...
PT-2020-15397 · Jenkins · Jenkins Cas Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CVS Plugin versions 2.15 and earlier Description: A cross-site request forgery issue allows attackers to create and manipulate tags, and to connect to an attacker-specified URL, by exploiting HTTP endpoints that do not require POST...
Juniper AppFormix Elevation of Privilege Vulnerability
Juniper AppFormix is a Juniper Networks optimization and management software platform for public, private and hybrid clouds. A security vulnerability exists in Juniper AppFormix version 2.7, version 2.11 prior to 2.11.3, and version 2.15 prior to 2.15.2. An attacker could exploit the vulnerabilit...
Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information
Multiple vulnerabilities in the glibc package up to version 2.15-r3 of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...