572 matches found
CVE-2025-54778
A reflected cross-site scripting xss vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
PT-2026-3600
A reflected cross-site scripting xss vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module TPM device but claiming an existing agent's unique identifier UUID. This action overwrites the legitimate agent's identity, enabling the...
PT-2026-8168
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0 156 Description The Linux kernel contained a flaw in the net/mlx5e module related to Traffic Control TC steering flows. Specifically, the issue occurred during the deletion of TC steering flows, where the...
PT-2026-4661
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s networking scheduler, specifically within the sch qfq Stochastic Fairness Queueing component. The qfq change class function contains an error that can...
CVE-2025-68143
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...
CVE-2025-68143 mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...
mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server proces...
CVE-2025-13663
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...
CVE-2025-13663
CVE-2025-13663 concerns the Quartus Prime Pro Installer for Windows, where, under certain circumstances, the installer does not check the permissions of the target Quartus installation directory if the directory already exists. The issue is documented across multiple sources (NVD, Red Hat, CVE re...
EUVD-2025-202852
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...
CVE-2025-13663 Quartus Prime Pro Edition Installer Advisory
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...
PT-2025-50725
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...
PT-2025-50301
Name of the Vulnerable Software and Affected Versions Elated Membership plugin for WordPress versions prior to 1.3 Description The Elated Membership plugin for WordPress is susceptible to Authentication Bypass in versions up to 1.2. The plugin does not properly log in a user when data is verified...
CVE-2025-13922
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...
EUVD-2025-201512
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...
CVE-2025-13922
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...
CVE-2025-13922 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...
CVE-2025-13922 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...
CVE-2025-13922
CVE-2025-13922 affects Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI (WordPress plugin). Time-based blind SQL Injection via the existing_terms_orderby parameter in the AI preview AJAX endpoint allows authenticated contributors (with AI metabox permissions) to append SQL queries,...