
1602 matches found

NVD
added 2025/06/20 3:15 p.m. · 2 views

CVE-2025-50023

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embed Block codepen-embed-block allows Stored XSS. This issue affects CodePen Embed Block: from n/a through <= 1.2.0...

5.9 CVSS · 0.00218 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/20 3:3 p.m. · 2 views

CVE-2025-50023 WordPress CodePen Embed Block plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embed Block codepen-embed-block allows Stored XSS. This issue affects CodePen Embed Block: from n/a through <= 1.2.0...

5.9 CVSS · 5.2 AI score · 0.00218 EPSS
Exploits: 0 · References: 1

CVE
added 2025/06/20 3:3 p.m. · 14 views

CVE-2025-50023

CVE-2025-50023 refers to a stored XSS vulnerability in the WordPress CodePen Embed Block (CodePen Embed Block) caused by improper neutralization of input during web page generation. Affected version range is up to 1.1.1 (per NVD/related records). Targeted component: CodePen Embed Block; vulnerabi...

5.9 CVSS · 5.9 AI score · 0.00218 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/06/20 3:3 p.m. · 8 views

CVE-2025-50023 WordPress CodePen Embed Block plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embed Block codepen-embed-block allows Stored XSS. This issue affects CodePen Embed Block: from n/a through <= 1.2.0...

5.9 CVSS · 0.00218 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/06/20 12:0 a.m. · 1 view

WordPress plugin CodePen Embed Block cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress CodePen Embed Block plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

5.9 CVSS · 6 AI score · 0.00218 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/20 12:0 a.m. · 2 views

PT-2025-26380 · Unknown · Codepen Embed Block

Name of the Vulnerable Software and Affected Versions: CodePen Embed Block versions through 1.1.1. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...

5.9 CVSS · 5.8 AI score · 0.00218 EPSS
Exploits: 0 · References: 4

Patchstack
added 2025/06/19 4:27 p.m. · 5 views

WordPress CodePen Embed Block plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin CodePen Embed Block versions <= 1.2.0...

5.9 CVSS · 5.9 AI score · 0.00218 EPSS
Exploits: 0 · Affected Software: 1

Snyk
added 2025/06/16 10:0 p.m. · 2 views

Integer Overflow or Wraparound

Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via file uploads through servlet containers. An attacker can craft malicious multipart/form-data requests with specially crafted...

8.7 CVSS · 7.2 AI score · 0.0196 EPSS
Exploits: 0 · References: 2

Snyk
added 2025/06/16 3:32 p.m. · 1 view

Untrusted Search Path

Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Untrusted Search Path via the icacls.exe call during Windows installation, when a full path is not specified. An attacker can execute arbitrary code with elevate...

8.4 CVSS · 7.8 AI score · 0.00347 EPSS
Exploits: 0 · References: 2

Snyk
added 2025/06/16 3:32 p.m. · 1 view

Authentication Bypass Using an Alternate Path or Channel

Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to how PreResources or PostResources handle pre-resources or post-resources mounted at non-root...

7.5 CVSS · 7.6 AI score · 0.03163 EPSS
Exploits: 0 · References: 2

Snyk
added 2025/06/16 3:32 p.m. · 5 views

Allocation of Resources Without Limits or Throttling

Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the uniform handling of request parameters and parts in multipart requests. An attacker can craft a...

8.7 CVSS · 6.9 AI score · 0.53228 EPSS
Exploits: 1 · References: 2

Snyk
added 2025/05/29 9:31 p.m. · 8 views

Improper Handling of Case Sensitivity

Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the pathInfo component of a URI mapped to the CGI servlet. An attacker can bypass security constraints that apply to the...

7.3 CVSS · 6.9 AI score · 0.02608 EPSS
Exploits: 1 · References: 2

IBM Security Bulletins
added 2025/05/28 5:47 p.m. · 11 views

Security Bulletin: IBM Watson Discovery Cartridge is affected by vulnerability in tomcat-embed-core-10.1.33.jar

Summary: IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-10.1.33.jar. Vulnerability Details: CVEID: CVE-2025-24813. DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to...

10 CVSS · 10 AI score · 0.99945 EPSS
Exploits: 45 · Affected Software: 1

OSV
added 2025/05/26 2:34 a.m. · 0 views

MAL-2025-4451 Malicious code in vega-embed-v5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f598c2282a0fd068c54ef02bd7ee8232523d615d6a0144b450e6002b0c95ab5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 3

OSSF Malicious Packages
added 2025/05/26 2:34 a.m. · 4 views

Malicious code in vega-embed-v5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f598c2282a0fd068c54ef02bd7ee8232523d615d6a0144b450e6002b0c95ab5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 3

OSSF Malicious Packages
added 2025/05/26 2:34 a.m. · 2 views

Malicious code in vega-embed-v6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef7c87f1683f40878cd29b73e1cdd93c106e07459ed60c1404af7f80af25853e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 3

OSV
added 2025/05/26 2:34 a.m. · 1 view

MAL-2025-4452 Malicious code in vega-embed-v6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef7c87f1683f40878cd29b73e1cdd93c106e07459ed60c1404af7f80af25853e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/25 1:19 p.m. · 7 views

CVE-2025-47642

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through <= 3.1.5...

10 CVSS · 7.2 AI score · 0.00365 EPSS
Exploits: 0 · References: 1

NVD
added 2025/05/23 1:15 p.m. · 12 views

CVE-2025-47642

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through <= 3.1.5...

10 CVSS · 0.00365 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/23 12:43 p.m. · 6 views

CVE-2025-47642 WordPress Ajar in5 Embed <= 3.1.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through 3.1.5...

10 CVSS · 9.4 AI score · 0.00365 EPSS
Exploits: 0 · References: 1