
11 matches found

RedhatCVE
added 2026/02/04 7:28 p.m., 2 views

CVE-2026-25487

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...

6.1 CVSS, 5.5 AI score, 0.00025 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2026/02/02 12:0 a.m., 4 views

PT-2026-6294

Name of the Vulnerable Software and Affected Versions: Craft Commerce versions 4.0.0-RC1 through 4.10.0; Craft Commerce versions 5.0.0 through 5.5.1. Description: Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting (XSS) issue. The issue resides in the Shipping...

6.2 CVSS, 5.5 AI score, 0.00025 EPSS
Exploits: 1, References: 9
Patchstack
added 2025/11/27 2:21 p.m., 4 views

WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Poystick in WordPress Plugin Bold Page Builder versions <= 5.5.2...

6.3 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, Affected Software: 1
Positive Technologies
added 2025/11/21 12:0 a.m., 6 views

PT-2025-47807

Name of the Vulnerable Software and Affected Versions: ESP-IDF versions 5.3.4 through 5.5.1. Description: ESP-IDF, the Espressif Internet of Things (IoT) Development Framework, contains a flaw in its hardware JPEG decoder when used with the ESP32-P4. The software parser does not perform adequate...

6.9 CVSS, 6.6 AI score, 0.00086 EPSS
Exploits: 0, References: 8
EUVD
added 2025/11/20 9:30 p.m., 3 views

EUVD-2025-198343

Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack...

8.7 CVSS, 8 AI score, 0.00018 EPSS
Exploits: 1, References: 2
OSV
added 2025/11/05 11:30 p.m., 2 views

CVE-2025-64114 ClipBucket v5: SQL Injection possible through ClipBucket Custom Fields plugin

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - 151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom...

6.5 CVSS, 8 AI score, 0.00087 EPSS
Exploits: 1, References: 5
Cvelist
added 2025/10/17 5:23 p.m., 6 views

CVE-2025-62424 ClipBucket path traversal vulnerability in template editor allows arbitrary file read and write

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - 146 and earlier, the /adminarea/templateeditor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...

6.7 CVSS, 0.00051 EPSS
Exploits: 1, References: 2
CNNVD
added 2025/10/17 12:0 a.m., 2 views

ClipBucket path traversal vulnerability

ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used to run video-sharing sites. A path traversal vulnerability exists in ClipBucket version 5.5.2 - 146, which stems from insufficient validation of file load paths and could lead to a path traversal...

6.7 CVSS, 6.7 AI score, 0.00051 EPSS
Exploits: 1, References: 3
CVE
added 2025/09/18 12:0 a.m., 15 views

CVE-2025-55911

CVE-2025-55911 affects ClipBucket v5.5.2 Build#90. Multiple sources describe a vulnerability in actions/file_downloader.php where the file parameter enables a server-side request/command path that can lead to remote code execution. Exploitation could allow an authenticated user to trigger SSRF or...

6.5 CVSS, 7.2 AI score, 0.0387 EPSS
Exploits: 4, References: 1, Affected Software: 1
CNNVD
added 2023/04/11 12:0 a.m., 2 views

Siemens SCALANCE encryption issue vulnerability

Siemens SCALANCE is a series of Ethernet switches from Siemens, Germany. It connects to Industrial Control System (ICS) devices, including Programmable Logic Controllers (PLCs) and Human Machine Interface (HMI) systems. A vulnerability exists in Siemens SCALANCE due to an encryption issue, which arises...

7.4 CVSS, 7.4 AI score, 0.00155 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2012/11/14 8:41 p.m., 0 views

mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Apr 2012)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690...

6.8 CVSS, 6.7 AI score, 0.00804 EPSS
Exploits: 0, References: 4