
5043 matches found

Positive Technologies
added 2025/08/12 12:0 a.m. · 8 views

PT-2025-32686 · Kanboard · Kanboard

Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.47 Description: Kanboard is project management software based on the Kanban methodology. A deserialization issue in ProjectEventActvityFormatter allows administrators to instantiate arbitrary PHP objects by...

CVSS 9.1 · AI score 8.4 · EPSS 0.0087
Exploits 1 · References 9
Packet Storm
added 2025/08/12 12:0 a.m. · 85 views

📄 VMware vSphere Client 8.0.3.0 Cross Site Scripting

VMware vSphere Client version 8.0.3.0 suffers from a cross site scripting vulnerability. VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec...

CVSS 4.3 · AI score 6.6 · EPSS 0.00748
Exploits 2
Exploit DB
added 2025/08/11 12:0 a.m. · 344 views

Ghost CMS 5.42.1 - Path Traversal

!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.42.1 - Path Traversal Date: 2023-06-15 Exploit Author:ibrahimsql https://github.com/ibrahimsql Vendor Homepage: https://ghost.org Software Link: https://github.com/TryGhost/Ghost Version: =2.28.1 """ import requests import s...

CVSS 7.5 · AI score 7.4 · EPSS 0.39078
Exploits 3
Exploit DB
added 2025/08/11 12:0 a.m. · 318 views

VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS)

VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec - Vendor Homepage: https://www.vmware.com - Version: vSphere Client 8.0.3.0 - Tested On:...

CVSS 4.3 · AI score 7.4 · EPSS 0.00748
Exploits 2
RedhatCVE
added 2025/08/06 8:29 a.m. · 18 views

CVE-2025-41659

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted...

CVSS 8.3 · AI score 6.2 · EPSS 0.00201
Exploits 0 · References 1
Snyk
added 2025/08/06 12:30 a.m. · 6 views

Cross-site Scripting (XSS)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Home Folder process on the Members Dashboard page. An attacker can execute arbitrary scripts in the context of another user's session by setting up a...

CVSS 4.8 · AI score 5.5 · EPSS 0.00421
Exploits 1 · References 2
NVD
added 2025/08/05 11:15 p.m. · 12 views

CVE-2025-8573

Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this...

CVSS 4.8 · EPSS 0.00421
Exploits 1 · References 2
Positive Technologies
added 2025/08/05 12:0 a.m. · 8 views

PT-2025-31998 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 through 9.4.2 Description: Concrete CMS versions 9 through 9.4.2 are susceptible to Stored Cross-Site Scripting XSS originating from the Home Folder on the Members Dashboard page. A malicious administrator could...

CVSS 2 · AI score 4.9 · EPSS 0.00421
Exploits 1 · References 11
Microsoft KB
added 2025/08/05 12:0 a.m. · 6 views

August 5, 2025, update for OneNote 2016 (KB5002761)

August 5, 2025, update for OneNote 2016 KB5002761 This article describes update 5002761 for Microsoft OneNote 2016 that was released on August 5, 2025. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply t...

AI score 6.4
Exploits 0
NVD
added 2025/08/04 8:15 a.m. · 6 views

CVE-2025-41659

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted...

CVSS 8.3 · EPSS 0.00201
Exploits 0 · References 1
CVE
added 2025/08/04 8:4 a.m. · 16 views

CVE-2025-41659

CVE-2025-41659 concerns the CODESYS Control runtime system where a low-privileged, remote attacker can access the PKI folder to read/write certificates and keys. The described outcome is extraction of sensitive data or the ability to trust certificates, with all services remaining available but c...

CVSS 8.3 · AI score 6.3 · EPSS 0.00201
Exploits 0 · References 1
Positive Technologies
added 2025/08/04 12:0 a.m. · 6 views

PT-2025-31799

Name of the Vulnerable Software and Affected Versions CODESYS Control affected versions not specified Description A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system. This allows the attacker to read and write certificates and their keys, potentially...

CVSS 8.7 · AI score 5.2 · EPSS 0.00201
Exploits 0 · References 11
Positive Technologies
added 2025/07/30 12:0 a.m. · 6 views

PT-2025-32352

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.13 Description A path traversal issue in the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. The flaw enables attackers to use Alternate Data Streams ADS to...

CVSS 8.8 · AI score 7.5 · EPSS 0.81348
Exploits 34
Patchstack
added 2025/07/28 9:4 p.m. · 5 views

WordPress Kallyas theme <= 4.21.0 - Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability

Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability discovered by stealthcopter in WordPress Theme KALLYAS versions <= 4.21.0...

CVSS 8.1 · AI score 5.4 · EPSS 0.0041
Exploits 0 · References 1 · Affected Software 1
RedhatCVE
added 2025/07/28 7:34 a.m. · 11 views

CVE-2025-6989

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 8.1 · AI score 6.3 · EPSS 0.0041
Exploits 0 · References 1
NVD
added 2025/07/26 8:15 a.m. · 4 views

CVE-2025-6989

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 8.1 · EPSS 0.0041
Exploits 0 · References 2
CVE
added 2025/07/26 7:23 a.m. · 20 views

CVE-2025-6989

CVE-2025-6989 (KALLYAS theme for WordPress) is an authenticated (Contributor+) vulnerability in all versions up to 4.21.0 where delete_font() uses insufficient file-path validation, enabling an attacker to delete arbitrary folders on the server. The issue, with CVSS 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:...

CVSS 8.1 · AI score 6.4 · EPSS 0.0041
Exploits 0 · References 2
Cvelist
added 2025/07/26 7:23 a.m. · 10 views

CVE-2025-6989 Kallyas <= 4.21.0 - Authenticated (Contributor+) Arbitrary Folder Deletion

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 8.1 · EPSS 0.0041
Exploits 0 · References 2
Vulnrichment
added 2025/07/26 7:23 a.m. · 1 view

CVE-2025-6989 Kallyas <= 4.21.0 - Authenticated (Contributor+) Arbitrary Folder Deletion

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 8.1 · AI score 6.3 · EPSS 0.0041
Exploits 0 · References 2
CNNVD
added 2025/07/26 12:0 a.m. · 3 views

WordPress plugin Kallyas path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 8.1 · AI score 6.6 · EPSS 0.0041
Exploits 0 · References 3