EUVD-2025-35331

The Print Button Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'print-button' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'target' attribute. This makes it possible for...

CVE-2025-11810 Print Button Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Print Button Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'print-button' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'target' attribute. This makes it possible for...

CVE-2025-11807

CVE-2025-11807 — The Mixlr Shortcode WordPress plugin (versions up to and including 1.0.1) is vulnerable to Stored Cross-Site Scripting via the shortcodes using the url attribute. The issue arises from insufficient input sanitization and output escaping on the url attribute, enabling authenticate...

CVE-2025-11807 Mixlr Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mixlr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'url' attribute. This makes it possible for authenticated attacker...

CVE-2025-11807 Mixlr Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mixlr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'url' attribute. This makes it possible for authenticated attacker...

EUVD-2025-35345

The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mixlr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'url' attribute. This makes it possible for authenticated attacker...

CVE-2025-11804

CVE-2025-11804 affects the WordPress plugin JB News Ticker. The vulnerability is a Stored Cross-Site Scripting flaw exploitable via the id attribute of the jbticker shortcode, present in all versions up to 1.0. It requires authenticated access at contributor level or higher, enabling an attacker ...

EUVD-2025-35322

The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

ALSA-2025:18983 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11709 thunderbird: firefox: Cross-process information...

CVE-2025-12031

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12031 HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12031

The CVE-2025-12031 entry covers Azure Access Technology BLU-IC2 and BLU-IC4 networked access controllers. The connected CNVD/RH/NVD records confirm a weakness caused by missing Secure and HttpOnly cookie attributes, enabling reading of sensitive cookies from a JavaScript context. Affected version...

CVE-2025-12031 HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

WordPress BlindMatrix e-Commerce plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress BlindMatrix e-Commerce plugin that stems from an unvalidated shortcode attribute that can be exploited by an attacker to...

AlmaLinux 10 : firefox (ALSA-2025:18154)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:18154 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textur...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987671)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987671 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value:...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

VulnCheck KEV: CVE-2017-10986

An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcpattr2vp" and a denial of service...

RHEL 10 : thunderbird (RHSA-2025:18320)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:18320 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: firefox: Memory safety bugs CVE-2025-11714...