8493 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper handling of EA inode reference counts, which could lead to data corruption...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990796)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990796 advisory. In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTRRECORDs Kernel iterates over ATTRRECORDs in mft record in...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990736)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990736 advisory. In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series ntfs: fix bugs about Attribute, v2. This...
Linux Distros Unpatched Vulnerability : CVE-2025-40148
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer checks in dcstream cursor attribute functions The function...
CVE-2025-64501
ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...
Reverse Tabnabbing Attacks
jupyterlab is vulnerable to Reverse Tabnabbing attacks. The vulnerability is due to missing the noopener attribute in links generated by LaTeX typesetters in Markdown cells and files, which allows an attacker to exploit links with target=blank to potentially hijack the originating browser tab...
EUVD-2025-60960
The Geopost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter of the 'geopost' shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2025-60941
The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...
EUVD-2025-60961
The Skip to Timestamp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skipto' shortcode in all versions up to, and including, 1.4.4. This is due to insufficient input sanitization and output escaping on the 'time' attribute. This makes it possible for authenticated...
CVE-2025-12754
The Geopost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter of the 'geopost' shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-12651
The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...
CVE-2025-11869
The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...
CVE-2025-11829
The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the five9-chat shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11869 Precise Columns <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...
CVE-2025-11869 Precise Columns <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...
CVE-2025-11869
CVE-2025-11869 : The WordPress plugin Precise Columns (versions
CVE-2025-11805
The CVE CVE-2025-11805 concerns the WordPress plugin Skip to Timestamp (versions
CVE-2025-11805 Skip to Timestamp <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Skip to Timestamp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skipto' shortcode in all versions up to, and including, 1.4.4. This is due to insufficient input sanitization and output escaping on the 'time' attribute. This makes it possible for authenticated...
CVE-2025-11805 Skip to Timestamp <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Skip to Timestamp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skipto' shortcode in all versions up to, and including, 1.4.4. This is due to insufficient input sanitization and output escaping on the 'time' attribute. This makes it possible for authenticated...
CVE-2025-11829 Five9 Live Chat <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the five9-chat shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...