1139 matches found
CVE-2025-23614
CVE-2025-23614 is a reflected XSS in WordPress Additional Logins (Nik Sudan) affecting versions prior to 1.0.0. The issue arises from improper input neutralization during web page generation, enabling reflected Cross-Site Scripting. CVSS v3.1 base score 7.1 (HIGH) with NETWORK attack vector, LOW ...
WordPress plugin WordPress Additional Logins cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2025-4975 · WordPress · Nik Sudan Wordpress Additional Logins
Name of the Vulnerable Software and Affected Versions: Nik Sudan WordPress Additional Logins versions prior to 1.0.0. Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This means that an attacker c...
SUSE CVE-2024-11187
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...
AZL-56198 CVE-2024-11187 affecting package dhcp for versions less than 4.4.3.P1-3
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...
DEBIAN-CVE-2024-11187
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...
ALPINE-CVE-2024-11187
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...
AZL-56097 CVE-2024-11187 affecting package bind for versions less than 9.20.5-1
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...
CVE-2024-11187 Many records in the additional section cause CPU exhaustion
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...
fs/ntfs3: Additional check in ntfs_file_release
...
UBUNTU-CVE-2024-11187
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...
CVE-2025-24094
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access user-sensitive data...
About the security content of macOS Sonoma 14.7.3
About the security content of macOS Sonoma 14.7.3 This document describes the security content of macOS Sonoma 14.7.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...
WordPress plugin Product Table by WBW SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
WordPress WordPress Additional Logins plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin WordPress Additional Logins versions <= 1.0.0...
GO-2025-3380 Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server
Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters
Bypass XSS sanitizer using the javascript protocol and special characters. Product: Phpspreadsheet. Version: version 3.6.0. CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. CVSS vector v.4.0:...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20241218T202206 2024-12-18T20:22:06Z. jscPED-11136 Go CVE Numbering Authority IDs added or updated with aliases: GO-2024-3333 Update to version 0.0.20241218T163557 2024-12-18T16:35:57Z. jscPED-11136 Go CVE...
CVE-2024-12908
Delinea addressed a reported case on Secret Server v11.7.31 protocol handler version 6.0.3.26 where, within the protocol handler function, URIs were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfull...
WordPress plugin WooCommerce Additional Fees On Checkout (Free) cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...