2464 matches found
CVE-2025-68846
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS. This issue affects Asynchronous Javascript: from n/a through <= 1.3.5...
PCI: endpoint: Avoid creating sub-groups asynchronously
...
CVE-2025-68846
CVE-2025-68846 is a Reflected XSS affecting WordPress plugin Asynchronous Javascript (versions 1.3.5 (or later as released). Technical details are supported by connected Red Hat, NVD, CVE, and PatchStack entries indicating an XSS vulnerability in this plugin and the stated affected range; no exp...
CVE-2025-68846 WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS. This issue affects Asynchronous Javascript: from n/a through <= 1.3.5...
CVE-2026-21627
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction...
CVE-2025-13438
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dienoupdatepagetitle. This makes it possible for unauthenticated...
Tassos Framework Access Control Error Vulnerability
Tassos Framework is a development framework created by Tassos Marinos. The Tassos Framework has a security vulnerability related to access control. This vulnerability arises from insufficient restrictions during the processing of certain AJAX requests, which may lead to improper invocation of...
PT-2026-21017
Name of the Vulnerable Software and Affected Versions: Joomla (affected versions not specified). Description: The issue stemmed from how the Tassos Framework plugin processed certain AJAX requests via Joomla’s com_ajax entry point. In specific scenarios, internal framework functionality was accessible...
PT-2026-21108
Name of the Vulnerable Software and Affected Versions: Asynchronous Javascript versions n/a through 1.3.5. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting condition. This allows for the executio...
CVE-2025-71242
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...
CVE-2025-71242 SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...
CVE-2026-0912
CVE-2026-0912 concerns the WordPress plugin Toret Manager (versions up to 1.2.7). Wordfence notes an authenticated (Subscriber+) Arbitrary Options Update vulnerability via AJAX actions due to missing capability checks in trman_save_option and trman_save_option_items, enabling an attacker to updat...
SUSE CVE-2025-71233
In the Linux kernel, the following vulnerability has been resolved: "PCI: endpoint: Avoid creating sub-groups asynchronously". The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash...
PT-2026-20776
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load track note ajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated...
PT-2026-20599
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dieno update page title. This makes it possible for...
SPIP Security Vulnerability
SPIP is an open-source software created by SPIP for creating Internet websites. Versions prior to SPIP 4.3.6, 4.2.17, and 4.1.20 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization checks when displaying content loaded via AJAX, which could lead to...
Linux Distros Unpatched Vulnerability : CVE-2025-71242
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when...
CVE-2025-71233
CVE-2025-71233 affects the Linux kernel PCI endpoint implementation. The issue arises from asynchronous sub-group creation via delayed work, which could NULL-dereference when the driver directory is removed before the work completes. The documented fix is to replace configfs_register_group() with...