871 matches found
CVE-2025-7618 A stored Cross-Site Scripting (XSS) vulnerability exists in the File Explorer and Text Editor of ADM
A stored Cross-Site Scripting (XSS) vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, which may then access cookies or other sensitive information retained by the browser...
CVE-2025-52953
An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS). Continuous receipt an...
CVE-2025-52984 Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes
A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is...
Microsoft Brokering File System Resource Management Error Vulnerability
Microsoft Brokering File System is a file system from the American company Microsoft. A security vulnerability exists in Microsoft Brokering File System. An attacker could exploit the vulnerability to elevate privileges...
CVE-2023-28911 Arbitrary Channel Disconnection Resulting in Denial of Service
A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every...
WordPress Creative Contact Form Plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Creative Contact Form Plugin suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a...
WordPress Click to Chat plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Click to Chat plugin, which stems from insufficient input sanitization and escaping, and can be exploited by an attacker ...
WordPress Advanced Sermons plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Advanced Sermons plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
Red Hat Connectivity Link Information Disclosure Vulnerability
Red Hat Connectivity Link is a Kubernetes network connectivity management platform from Red Hat, USA. Red Hat Connectivity Link suffers from an information disclosure vulnerability that stems from improper key storage, which can be exploited by an attacker to cause information disclosure...
CVE-2025-45526
A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content e.g., 100...
CVE-2025-20234
CVE-2025-20234 is a memory overread vulnerability in ClamAV’s UDF file processing that can be exploited by an unauthenticated attacker to cause a DoS via crafted UDF content. Affected: ClamAV UDF scanning; root cause: memory overread during UDF file scanning. Impact: DoS on the ClamAV process; no...
WordPress Avaz plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Avaz plugin that stems from ineffective filtering of local file resource calls, which can be exploited by an...
CVE-2025-22242 salt advisory
Worker process denial of service through file read operation. A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerability by...
PT-2025-25253 · Joomla · Media Gallery
Name of the Vulnerable Software and Affected Versions: RSMediaGallery! component versions 1.7.4 through 2.1.7 Description: A SQL injection issue was discovered in the dashboard component of the RSMediaGallery! component for Joomla. The problem arises because user-supplied input is not properly...
WordPress File Provider plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress File Provider plugin suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF checks. An attacker could use this vulnerability to all...
CVE-2024-54019
CVE-2024-54019 concerns Fortinet FortiClientWindows. The issue is an improper validation of certificates with host mismatch across FortiClientWindows versions 7.0, and 7.2.0–7.2.6, plus 7.4.0. This flaw allows an unauthenticated attacker to redirect VPN connections (e.g., via DNS spoofing or othe...
Microsoft SharePoint Code Issue Vulnerability
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
Ubuntu: Security Advisory (USN-7550-4)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Cisco ThousandEyes Endpoint Agent for Windows Arbitrary File Delete Vulnerabilities
Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An...
Open5GS Security Vulnerability
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. Open5GS has a security vulnerability that can be exploited by an attacker to cause reachable assertions...