PT-2025-47883
Name of the Vulnerable Software and Affected Versions: WordPress eCommerce Plugin versions through 2.9.0. Description: The WordPress eCommerce Plugin does not properly sanitize and escape a parameter before displaying it on a page. This can lead to a Reflected Cross-Site Scripting (XSS) issue,...
CVE-2025-52671
Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...
CVE-2025-62189
LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request...
EUVD-2025-198423
The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege...
CVE-2025-58097
CVE-2025-58097 concerns LogStare Collector, where the installation directory has incorrect access permissions. The issue allows a non-administrative user to manipulate files in the installation path and execute arbitrary code with administrative privileges (local attack). The CVSS metrics ind...
CVE-2025-58097
The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege...
CVE-2025-52669
Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system...
CVE-2025-52671
CVE-2025-52671 describes an information-disclosure vulnerability in Revive Adserver where SQL error messages reveal debugging details, enabling non-admin users to learn software, PHP, and database versions. Connected sources (CNVD, RH, EUVD, NVD, OSV, CVE/CVEList, and a HackerOne report) consiste...
CVE-2025-65094 WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation (IDOR)
WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, bu...
WBCE CMS Authorization Issue Vulnerability
WBCE CMS is a PHP and MySQL based open source content management system (CMS) from WBCE CMS Open Source. An authorization issue vulnerability exists in WBCE CMS versions prior to 1.6.4, which stems from a low-privileged user being able to elevate privileges to the Administrators group by manipulating the...
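The two WBCE CMS entries above describe the same flaw: the client-side UI only offers the user's own group, but the server-side save handler trusts whatever `groups` value arrives in the request. The following is an added illustration, not WBCE's own code; the user store, group IDs, form fields and the `Forbidden` exception are constructed for the example. It puts a handler that mirrors the weakness beside one that enforces the check on the server, which is the only place such a check can live.

```python
# Added example (not from WBCE CMS): privilege escalation via a trusted
# "groups" form field, and the server-side authorization check that stops it.

ADMIN_GROUP = 1                       # assumed: group id 1 is "Administrators"
GROUPS = {1: "Administrators", 3: "Editors"}   # constructed group table


class Forbidden(Exception):
    """Raised when the acting user may not perform the requested change."""


def make_users():
    """Constructed user store; returned fresh so each call starts clean."""
    return {
        "alice": {"id": 7, "groups": {3}},   # low-privileged user (Editors)
        "root":  {"id": 1, "groups": {1}},   # administrator
    }


def parse_groups(raw):
    """Parse the comma-separated 'groups' field; reject unknown group ids."""
    requested = {int(g) for g in raw.split(",") if g.strip()}
    unknown = requested - GROUPS.keys()
    if unknown:
        raise ValueError(f"unknown group ids: {sorted(unknown)}")
    return requested


def save_user_vulnerable(users, actor, form):
    """Mirrors the weakness: the UI limits the choices, the server does not.

    Any authenticated user who edits the POST body can put themselves in
    group 1 (Administrators), regardless of what the form displayed.
    """
    target = users[form["username"]]
    target["groups"] = parse_groups(form["groups"])
    return target["groups"]


def save_user_fixed(users, actor, form):
    """Authorize on the server: derive the allowed groups from the actor's
    session, not from the submitted form.

    - An administrator may assign any known group to any user.
    - Everyone else may only edit their own account and may only keep the
      groups they already hold; any attempt to add a group is refused.
    """
    actor_rec = users[actor]
    target = users[form["username"]]
    requested = parse_groups(form["groups"])

    if ADMIN_GROUP not in actor_rec["groups"]:
        if target["id"] != actor_rec["id"]:
            raise Forbidden("non-admins may only edit their own account")
        if not requested <= actor_rec["groups"]:
            raise Forbidden("non-admins may not add groups to themselves")

    target["groups"] = requested
    return target["groups"]


if __name__ == "__main__":
    escalated = save_user_vulnerable(make_users(), "alice",
                                     {"username": "alice", "groups": "1"})
    print("vulnerable handler granted:", [GROUPS[g] for g in escalated])
    try:
        save_user_fixed(make_users(), "alice",
                        {"username": "alice", "groups": "1"})
    except Forbidden as exc:
        print("fixed handler refused:", exc)
```

The important design point is that `save_user_fixed` never consults the form to decide what the actor is allowed to do; the form only says what they want. Disabling options in the HTML is a usability measure, not a control.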
XWiki AdminTools application doesn't set permissions on the AdminTools space
Impact Users without admin rights have access to AdminTools.SpammedPages. Details View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin users, the page is still accessible. Workarounds Set the view rights for the AdminTools space to ...
CVE-2025-4617
CVE-2025-4617 affects Palo Alto Networks Prisma® Browser on Windows. The vulnerability is an insufficient policy enforcement that lets a locally authenticated non-admin user bypass the browser’s screenshot control feature, potentially exposing sensitive screen content. There are no explicit explo...
Palo Alto Prisma Browser Security Vulnerability
Palo Alto Prisma Browser is a secure enterprise browser from Palo Alto USA. A security vulnerability exists in Palo Alto Prisma Browser that stems from insufficient input validation, which could allow locally authenticated, non-administrative users to bypass browser security controls...
Palo Alto Prisma Browser Security Vulnerability
Palo Alto Prisma Browser is a secure enterprise browser from Palo Alto USA. A security vulnerability exists in Palo Alto Prisma Browser that stems from insufficient policy enforcement and could allow locally authenticated, non-administrative users to bypass the screenshot control feature...
CVE-2025-11560
CVE-2025-11560 — Concrete details exist for the WordPress plugin. The affected software is the Team Members Showcase WordPress plugin (versions before 3.5.0; e.g., ≤3.4.0). The root cause is a lack of sanitization/escaping of a parameter before outputting it on the page, causing a reflected cross...
CVE-2025-12020
The CVE-2025-12020 entry concerns the WordPress plugin Double the Donation. The connected documents provide concrete details: the plugin versions up to and including 2.0.0 are vulnerable to Stored Cross-Site Scripting via admin settings, caused by insufficient input sanitization and output escapi...
CVE-2025-63416
A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...