CVE-2025-13642 ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the type parameter i...

GHSA-VH7G-P26C-J2CW Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code

Impact Dex instances with public clients and by extension, clients accepting tokens issued by those Dex instances are affected by this vulnerability. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the...

CentOS 8 : cockpit (CESA-2022:2008)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:2008 advisory. - cockpit: pages vulnerable to clickjacking CVE-2021-3660 - cockpit: authenticates with revoked certificates CVE-2021-3698 Note that Nessus has not...