8493 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Do not report a BUG when INLINEDATAFL lacks the system.data xattr attribute. A syzbot fuzed image triggered a BUG in ext4updateinlinedata, when an inode had the INLINEDATAFL flag set but lacked the system.data extended...
CVE-2025-11806
The Qzzr Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qzzr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'quiz' attribute. This makes it possible for authenticated attackers...
CVE-2021-4461
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...
EUVD-2025-37350
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
CVE-2025-36249
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
CVE-2025-36249
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
CVE-2025-36249 IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
CVE-2025-36249 IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
Security Bulletin: IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
Summary IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL CVE-2025-36249. Vulnerability Details CVEID:CVE-2025-36249 DESCRIPTION: IBM Jazz for Service Management does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to...
CVE-2025-30191
Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...
CVE-2025-11806
The Qzzr Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qzzr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'quiz' attribute. This makes it possible for authenticated attackers...
CVE-2025-11806
The CVE-2025-11806 issue affects the Qzzr Shortcode Plugin for WordPress and is a Stored Cross-Site Scripting vulnerability in the qzzr shortcode. Details from connected documents indicate: affected software is Qzzr Shortcode Plugin for WordPress with versions up to and including 1.0.1 (some sour...
EUVD-2025-37288
The Qzzr Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qzzr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'quiz' attribute. This makes it possible for authenticated attackers...
PT-2025-44577
Name of the Vulnerable Software and Affected Versions Qzzr Shortcode Plugin for WordPress versions prior to 1.0.2 Description The Qzzr Shortcode Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'qzzr' shortcode. This is a result of inadequate input sanitization and...
PT-2025-44624
Name of the Vulnerable Software and Affected Versions IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.25 Description The software does not set the secure attribute on authorization tokens or session cookies. This could allow attackers to obtain cookie values by sending an insecure...
CVE-2025-23050
QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read or division by zero. This is fixed in 5.15.19, 6.5.9, and 6.8.2...
EUVD-2025-37272
QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read or division by zero. This is fixed in 5.15.19, 6.5.9, and 6.8.2...
CVE-2025-23050
The CVE-2025-23050 affects QLowEnergyController in Qt before 6.8.2. It arises from mishandling malformed Bluetooth ATT commands, causing an out-of-bounds read or a division-by-zero error. Patches are available in Qt 5.15.19, Qt 6.5.9, and Qt 6.8.2. This has been observed in multiple vulnerability...
GHSA-56JV-4WW3-65MW Liferay Portal is vulnerable to XSS in the Blogs widget
Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...
Liferay Portal is vulnerable to XSS in the Blogs widget
Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...