1601 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-10.1.35.jar
Summary: IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-10.1.35.jar. Vulnerability Details: CVEID: CVE-2025-46701. DESCRIPTION: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.104.jar
Summary: IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-9.0.104.jar. Vulnerability Details: CVEID: CVE-2025-49125. DESCRIPTION: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted...
Linux Distros Unpatched Vulnerability : CVE-2017-6817
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.3 wp-includes/embed.php, there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. CVE-2017-6817 Note that Nessus relies on...
CVE-2025-6221
The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
Linux Distros Unpatched Vulnerability : CVE-2018-6091
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin...
CVE-2025-7507
The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLs that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-49061
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed (porn-videos-embed) allows Stored XSS. This issue affects Porn Videos Embed: from n/a through 0.9.1...
CVE-2025-6221 Embed Bokun <= 0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter
The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
PT-2025-33524 · WordPress · Embed Bokun
Name of the Vulnerable Software and Affected Versions: Embed Bokun plugin for WordPress versions up to and including 0.23 Description: The Embed Bokun plugin for WordPress is susceptible to Stored Cross-Site Scripting via the align parameter due to insufficient input sanitization and output...
WordPress plugin Embed Bokun cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-7507 elink – Embed Content <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation
The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLs that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-7507
CVE-2025-7507 concerns the WordPress plugin elink – Embed Content. Affected versions up to 1.1.0 are vulnerable to a malicious redirect due to insufficient input validation in the elink shortcode that allows unrestricted URLs. Exploitation requires an authenticated actor with at least Contributo...
PT-2025-33458 · WordPress · Elink – Embed Content
Name of the Vulnerable Software and Affected Versions: elink – Embed Content plugin for WordPress versions up to and including 1.1.0 Description: The elink – Embed Content plugin for WordPress is susceptible to malicious redirection due to insufficient restriction of URLs supplied through the eli...
WordPress plugin elink – Embed Content input validation error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...
Linux Distros Unpatched Vulnerability : CVE-2025-8029
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1,...
Malicious code in markdown-it-embed (npm)
The package markdown-it-embed was found to contain malicious code...
MAL-2025-8963 Malicious code in @malware-test-stilt-norks-embed-cnida/test-mlw3-stilt-norks-embed-cnida (npm)
The package @malware-test-stilt-norks-embed-cnida/test-mlw3-stilt-norks-embed-cnida was found to contain malicious code...