4 matches found
PT-2025-18103
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.5; Apache Tomcat versions 10.1.0-M1 through 10.1.39; Apache Tomcat versions 9.0.0.M1 through 9.0.102. Description: The issue is related to the improper neutralization of escape, meta, or control...
CVE-2023-3169
The CVE concerns tagDiv Composer for WordPress (pre-4.2). Concrete detail: unauthenticated stored XSS via the REST endpoint /wp-json/tdw/save_css, exploiting the compiled_css parameter which is stored and later executed when CSS loads. Root cause: authorisation is missing on the REST route and in...
Form Maker < 1.13.60 - Authenticated Stored XSS
The plugin does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. PoC: Create or edit a form and add the following payload in the Form Title field "autofocus...
SA95 : VENOM Vulnerability in Virtualization Platforms
SUMMARY: The VENOM vulnerability allows a local guest user in affected virtualized platforms to escape from the virtual environment and execute code on the host. An attacker can use this vulnerability to gain complete access to the host and to the host's local network and adjacent systems. AFFECTE...