CVE-2025-13692 Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

WordPress Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) plugin <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by WordFence in WordPress Plugin Unlimited Elements for Elementor Premium versions = 2.0...

WordPress Unlimited Elements For Elementor and Unlimited Elements For Elementor plugin <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by WordFence in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0...

PT-2025-48269

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

WordPress plugin Unlimited Elements For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

EUVD-2025-199728

Improper neutralization of special elements used in an OS command 'command injection' in Cursor allows an unauthorized attacker to execute commands that are outside of those specified in the allowlist, resulting in arbitrary code execution...

CVE-2025-55055

CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...

WordPress Grand Restaurant Theme Elements for Elementor plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Grand Restaurant Theme Elements for Elementor versions = 2.1.1...

Google Chrome Code Problem Vulnerability (CNVD-2025-29238)

Google Chrome is a web browser developed by Google. A security vulnerability exists in the compositing feature in Google Chrome prior to version 140.0.7339.80, which stems from a flaw in the compositing module's handling of UI elements. The vulnerability can be exploited by an attacker to conduct...

CVE-2025-55055

CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...

CVE-2025-55055

CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...

CLSA-2025-1763031933 libxml2: Fix of 3 CVEs

CVE-2025-9714: additional fixes - CVE-2025-24928: fix stack-based buffer overflow in xmlSnprintfElements in valid.c - CVE-2024-56171: fix use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990916)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990916 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't skip expired elements during walk There is an asymmetry between...

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2017-17512)

sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. This plugin...

kernel: RDMA/rxe: Fix the qp flush warnings in req

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the qp flush warnings in req When the qp is in error state, the status of WQEs in the queue should be set to error. Or else the following will appear. 920.617269 WARNING: CPU: 1 PID: 21 at...

kernel: usbnet: ipheth: use static NDP16 location in URB

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within the URB based on the wNdpIndex value in NTH16. Only the start position of NDP16 was checked, so it was possible f...

CVE-2025-64347

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVE-2025-63714

Cross-Site Scripting XSS vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of...

CVE-2025-64347

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVE-2025-64347 Apollo Router Improperly Enforces Renamed Access Control Directives

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...