CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality

Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter...

PT-2025-29835 · Emlog · Emlog

Name of the Vulnerable Software and Affected Versions: Emlog versions through 2.5.17 Description: Emlog is a website building system. A cross-site scripting XSS issue exists that allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality...

CVE-2025-49829 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted formerly Conjur...

CVE-2025-4369 Companion Auto Update <= 3.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via update_delay_days parameter

The Companion Auto Update plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘updatedelaydays’ parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-4593 WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Sensitive Information Exposure

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rpuserdata' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...

CVE-2025-53515 Advantech iView SQL Injection

A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap. This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL...

CVE-2025-46704 Advantech iView Path Traversal

A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing...

CVE-2025-34098 Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection

A path traversal vulnerability exists in Riverbed SteelHead VCX appliances confirmed in VCX255U 9.6.0a due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter...

CVE-2025-6976 Events Manager <= 7.0.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVE-2025-7059 Simple Featured Image <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via slideshow Parameter

The Simple Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slideshow’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5464

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information...

CVE-2025-6743

The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiplemarkers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-6746 WoodMart <= 8.2.3 - Authenticated (Contributor+) Local File Inclusion

The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server,...

CVE-2025-5537 Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.34 - Authenticated (Author+) Stored Cross-Site Scripting

The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-42960

SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentialit...

Fortinet多款产品 SQL注入漏洞

Fortinet FortiManager and others are products of Fortinet, Inc.Fortinet FortiManager is a centralized network security management platform.Fortinet FortiAnalyzer is a centralized network security reporting solution.Fortinet Fortinet FortiManager VM is a centralized network security management...

CVE-2025-47228

CVE-2025-47228 affects Netmake ScriptCase, Production Environment extension, up to version 9.12.006(23). A shell injection flaw exists in the SSH connection settings that, when paired with authenticated access and crafted HTTP requests, allows an attacker to execute system commands on the server....

Exploit for Unrestricted Upload of File with Dangerous Type in Wpvivid Migration\,_Backup\,_Staging

🚨 Migration, Backup, Staging – WPvivid Backup & Migration 📈...

CVE-2025-6673 Easy restaurant menu manager <= 2.0.1 - Authenticated (Contributot+) Stored Cross-Site Scripting via `nsc_eprm_menu_link` Shortcode

The Easy restaurant menu manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's nsceprmmenulink shortcode in versions up to, and including 2.0.1, due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-6944 Uncode Core <= 2.9.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

The Uncode Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uncodehltext' and 'uncodetexticon' shortcodes in all versions up to, and including, 2.9.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...