CVE-2025-3745

The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...

CVE-2025-3745

The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...

CVE-2025-3745 WP Lightbox 2 < 3.0.6.8 - Unauthenticated Stored XSS

The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...

kernel: Squashfs: fix handling and sanity checking of xattr_ids count

In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattrids count A Sysbot 1 corrupted filesystem exposes two flaws in the handling and sanity checking of the xattrids count in the filesystem. Both of these flaws cause computation...

WordPress plugin WP Lightbox 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-36026

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

CVE-2025-36026

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

CVE-2025-36026 IBM Datacap information disclosure

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

IBM Datacap 安全漏洞

IBM Datacap is a document capture and processing software from International Business Machines IBM that captures data from various sources e.g., scanner, email, fax, etc. in paper or electronic documents and converts them into editable and searchable digital formats, which are widely used in...

GHSA-JFJ7-249R-7J2M TabberNeue vulnerable to Stored XSS through wikitext

Summary Arbitrary HTML can be inserted into the DOM by inserting a payload into any allowed attribute of the tag. Details The args provided within the wikitext as attributes to the tag are passed to the TabberComponentTabs class:...

TabberNeue vulnerable to Stored XSS through wikitext

Summary Arbitrary HTML can be inserted into the DOM by inserting a payload into any allowed attribute of the tag. Details The args provided within the wikitext as attributes to the tag are passed to the TabberComponentTabs class:...

TabberNeue 安全漏洞

TabberNeue is an extension to StarCitizen.tools open source. Allows the Wiki to create tabs in pages. A security vulnerability exists in versions prior to TabberNeue 3.1.1 that stems from allowing users to insert arbitrary HTML into the DOM via the tabber tag attribute...

CVE-2025-5125

The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it...

Amplifying Machine Learning Attacks through Strategic Compositions

Machine learning ML models are proving to be vulnerable to a variety of attacks that allow the adversary to learn sensitive information, cause mispredictions, and more. While these attacks have been extensively studied, current research predominantly focuses on analyzing each attack type...

Anonymous Authentication using Attribute-based Encryption

In today's digital age, personal data is constantly at risk of compromise. Attribute-Based Encryption ABE has emerged as a promising approach to privacy-preserving data protection. This paper proposes an anonymous authentication mechanism based on ABE, which allows users to authenticate without...

CVE-2025-5125

The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it...

CVE-2025-5125

The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it...

CVE-2025-5125 Custom Post Carousels with Owl < 1.4.12 - Contributor+ Stored XSS

The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it...

CVE-2025-5125 Custom Post Carousels with Owl < 1.4.12 - Contributor+ Stored XSS

The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it...

CVE-2025-6107

A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function setattr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an...