PT-2025-30968 · WordPress · Kallyas
Name of the Vulnerable Software and Affected Versions: Kallyas versions prior to 4.21.1 Description: The Kallyas theme for WordPress is susceptible to arbitrary folder deletion due to inadequate file path validation within the delete font function. Authenticated attackers possessing...
CVE-2025-26397
SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication fro...
CVE-2025-52786
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kingdom Creation Media Folder media-folder allows Reflected XSS. This issue affects Media Folder: from n/a through <= 1.0.0...
CVE-2025-52786 WordPress Media Folder plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kingdom Creation Media Folder allows Reflected XSS. This issue affects Media Folder: from n/a through 1.0.0...
CVE-2025-52786
CVE-2025-52786 is a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin Media Folder. Affected versions are up to 1.0.0; the root cause is improper input neutralization during web page generation, enabling Reflected XSS. CVSSv3.1 base score is 7.1 (HIGH) with network attack...
WordPress plugin Media Folder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-29814 · Unknown · Kingdom Creation Media Folder
Name of the Vulnerable Software and Affected Versions: Kingdom Creation Media Folder versions through 1.0.0 Description: The software contains a cross-site scripting issue due to improper neutralization of input during web page generation. This allows for reflected cross-site scripting XSS...
CVE-2025-52081
In Netgear XR300 V1.0.3.3810.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usbdevice.cgi endpoint. The vulnerability occurs when processing POST requests containing the usbfolder parameter...
The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert allows a perpetrator to execute arbitrary code.
The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by creating ...
Exploit for Link Following in Microsoft
Description This is PoC for CVE-2025-48799, an elevation of pr...
CVE-2025-40593
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0. The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition...
CVE-2025-40593
SIMATIC CN 4100 is affected (all versions
PT-2025-29220 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: A flaw exists that may allow unauthenticated remote code execution when a malicious folder is created via the web interface HTTP when it is enabled. HTTP is disabled by default...
WordPress Media Folder plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Media Folder versions <= 1.0.0...
CVE-2025-6546
The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tablecssclass’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...