CVE-2025-12537

The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...

PT-2025-51336

Name of the Vulnerable Software and Affected Versions CTCMS Content Management System versions up to 2.1.2 Description A weakness exists in CTCMS Content Management System up to version 2.1.2. This issue affects an unknown function within the /ctcms/apps/libraries/CT Parser.php library of the...

EUVD-2025-203284

The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...

PT-2025-51147

The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...

WordPress plugin Addon Elements for Elementor 跨站脚本漏洞

WordPress Addon Elements for Elementor is a plugin for the Elementor page builder designed to extend its functionality by providing additional widgets, templates and tools. WordPress Addon Elements for Elementor suffers from a cross-site scripting vulnerability that stems from the program's...

Cross-site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the absence of the sandbox attribute in elements within the Blogs widget, which allows attackers to inject malicious scripts via crafted content and gain access to the parent page through...

CVE-2025-66400

A flaw was found in mdast-util-to-hast. This vulnerability allows rendered user supplied markdown Markdown code elements to appear like the rest of the page via character references. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Re...

CVE-2025-14046 Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized Data Islands and Trigger Unintended Server-Side POST Requests

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data islands. These collisions could overwrite or shadow critical application state objects used by...

CVE-2025-14046

CVE-2025-14046 affects GitHub Enterprise Server; improper input neutralization allows user-supplied HTML to inject DOM elements with conflicting IDs, shadowing server-initialized data islands and causing unintended server-side POST requests or other unauthorized backend interactions. Exploitation...

CVE-2025-63076

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through = 2.7.11...

CVE-2025-63071

Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme: from n/a through = 2.17.15...

CVE-2025-62082

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows Stored XSS.This issue affects Generic Elements: from n/a through = 1.2.9...

Lightweight Security for Private Networks: Real-World Evaluation of WireGuard

This paper explores WireGuard as a lightweight alternative to IPsec for securing the user plane as well as the control plane in an industrial Open RAN deployment at the Adtran Terafactory in Meiningen. We focus on a realistic scenario where external vendors access their hardware in our 5G factory...

EUVD-2025-201941

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through = 2.7.11...

EUVD-2025-202039

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows Stored XSS.This issue affects Generic Elements: from n/a through = 1.2.8...

CVE-2025-63076

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through = 2.7.11...

CVE-2025-62082

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows Stored XSS.This issue affects Generic Elements: from n/a through = 1.2.9...

CVE-2025-63076 WordPress The7 Elements plugin <= 2.7.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through = 2.7.11...

CVE-2025-63076

CVE-2025-63076 affects The7 Elements (dt-the7-core) up to version 2.7.11, enabling PHP Local File Inclusion due to improper filename control in Include/Require. Multiple sources (Wordfence, CVE listings) confirm this vulnerability and indicate it has been patched. The advisory notes the issue as ...

CVE-2025-63076 WordPress The7 Elements plugin <= 2.7.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through = 2.7.11...