1139 matches found
CVE-2022-38695
In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed...
CVE-2025-43268
The CVE-2025-43268 entry concerns macOS Sequoia. A permissions issue could allow a malicious app to gain root privileges. Apple fixed this in macOS Sequoia 15.6. The CVE is listed under the Kernel component (and related Apple security content). Mitigation is to update to Sequoia 15.6 or later as ...
CVE-2025-43268
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges...
CVE-2025-43268
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges...
CVE-2025-38652
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $102410241024 \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touc...
CVE-2025-41415
The CVE-2025-41415 issue affects AVEVA PI Integrator and, per multiple sources, could allow an authenticated user with privileges to publication targets to retrieve sensitive information, enabling further access to downstream resources. The CISA ICS advisory (ICSA-25-224-04) notes risks such as d...
CVE-2025-8089
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-8089 Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-8089
CVE-2025-8089 corresponds to a stored XSS in the WordPress Advanced iFrame plugin. The vulnerability exists in the parameter for versions up to and including 2025.6, due to insufficient input sanitization and output escaping. Impact: authenticated attackers with contributor-level access or highe...
CVE-2025-8089 Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
PT-2025-33538 · WordPress · Advanced Iframe
Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions prior to 2025.7 Description: The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the additional parameter due to insufficient input sanitization and output...
Malicious code in @leaffm/leaf-connect-additional-lengths (npm)
The package @leaffm/leaf-connect-additional-lengths was found to contain malicious code...
MAL-2025-8373 Malicious code in @leaffm/leaf-connect-additional-lengths (npm)
The package @leaffm/leaf-connect-additional-lengths was found to contain malicious code...
CVE-2025-26398
SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle MITM attack against users. This vulnerability requires additional software not installed by default, local access to the server and...
CVE-2025-43230
The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data...
PT-2025-28062 · Undefined · Undefined
CVE-2025-1772 Rejected reason https://t.co/GPpU0j8oWl...
CVE-2025-53271
Cross-Site Request Forgery CSRF vulnerability in Anton Bond Additional Order Filters for WooCommerce additional-order-filters-for-woocommerce allows Stored XSS.This issue affects Additional Order Filters for WooCommerce: from n/a through = 1.22...
CVE-2025-53271
Cross-Site Request Forgery CSRF vulnerability in Anton Bond Additional Order Filters for WooCommerce additional-order-filters-for-woocommerce allows Stored XSS.This issue affects Additional Order Filters for WooCommerce: from n/a through = 1.22...
CVE-2025-53271 WordPress Additional Order Filters for WooCommerce plugin <= 1.22 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Anton Bond Additional Order Filters for WooCommerce additional-order-filters-for-woocommerce allows Stored XSS.This issue affects Additional Order Filters for WooCommerce: from n/a through = 1.22...
WordPress plugin Additional Order Filters for WooCommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Additional Order Filters for WooCommerce plugin, which stems from the WEB application not adequately verifying...