Orejime 跨站脚本漏洞

Orejime is an open source user consent management tool from Boscop. A cross-site scripting vulnerability exists in Orejime versions prior to 2.3.2, which stems from embedded javascript code in the data attribute and could lead to the execution of malicious code...

Sensitive Cookie in HTTPS Session Without "Secure" Attribute

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute via the SetValue method in the CookieHelper class. The requireSSL...

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

PT-2025-52393

Name of the Vulnerable Software and Affected Versions NSF Unidata NetCDF-C affected versions not specified Description A flaw exists in the parsing of attribute names within NSF Unidata NetCDF-C, leading to a stack-based buffer overflow. This allows remote attackers to execute arbitrary code on...

(0Day) NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

PT-2025-52324

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A configuration issue in Kentico Xperience related to cookie security allows attackers to bypass SSL requirements when setting administration cookies through the web.config file. Th...

Mozilla Firefox < 2.0.0.8

The version of Firefox installed on the remote Windows host is prior to 2.0.0.8. It is, therefore, affected by a vulnerability as referenced in the mfsa2007-33 advisory. - Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language...

CVE-2025-14385 WP Recipe Maker <= 10.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 10.2.3 due to insufficient input sanitization and output escaping on user-supplied attributes in the wprm-recipe-roundup-item shortcode. This makes ...

SUSE CVE-2025-68242

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID. The...

CVE-2025-13610

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RMForms' shortcode in all versions up to, and including, 6.0.6.7 due to insufficient input sanitization and output...

CVE-2025-68242 NFS: Fix LTP test failures when timestamps are delegated

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID. The...

CVE-2025-40355

CVE-2025-40355 pertains to the Linux kernel: sysfs may touch a group attribute ownership before validating visibility, triggering WARN_ON in _dev_change_net_namespace(). The fixes introduce a visibility check (is_visible) before touching the attribute, as described in the related commits (e.g., 0...

CVE-2025-40352

The CVE-2025-40352 entry concerns a Linux kernel issue in the Mellanox mlxbf-pmc driver. The vulnerability arises from missing initialization of the count_clock data structure’s sysfs attributes, which triggers a lockdep-related warning (CONFIG_LOCK_STAT) during BlueField-3 boot, specifically a m...

📄 WIX.com Cross Site Scripting

WIX.com appears to suffer from a cross site scripting vulnerability. The researcher contacted them months ago and they have ignored his report, so we are posting this to encourage them to address it and to let their users know that they could be affected by this vulnerability. Titles: WIX.com /...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from mlxbf-pmc not initializing the sysfs attribute, which could result in a NULL pointer dereference...

Linux Distros Unpatched Vulnerability : CVE-2025-68266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bfs: Reconstruct file type when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 32bits mode fie...

PT-2025-51568

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The mlxbf pmc driver in the Linux kernel does not call sysfs attr init during the initialization of the "count clock" data structure. This causes a warning related to lock-related debug...

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...