5043 matches found
Nix, Lix and GNU Guix Security Vulnerability
GNU Guix is a product of the GNU community in the U.S.; it is an open source, cross-platform package manager. Lix is a product of the Lix open source project; it is a package manager. Nix is a product of the Nix open source project; it is a powerful package...
CVE-2025-5366
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report...
CVE-2025-3773
A sensitive information exposure vulnerability in System Information Reporter SIR 1.0.3 and prior allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder...
CVE-2025-6546
The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tablecssclass’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-6546 Drive Folder Embedder <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via tablecssclass Parameter
The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tablecssclass’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-6546
CVE-2025-6546 (Drive Folder Embedder, WordPress) The WordPress plugin Drive Folder Embedder (
WordPress Drive Folder Embedder plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via tablecssclass Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via tablecssclass Parameter vulnerability discovered by Gilang in WordPress Plugin Drive Folder Embedder versions <= 1.1.0...
WordPress plugin Drive Folder Embedder Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-26956 · Manageengine · Zoho Manageengine Exchange Reporter Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine Exchange Reporter Plus versions 5722 and earlier Description: The issue concerns a Stored XSS in the report for emails read by folder with subject. This affects the specified versions of ManageEngine Exchange Reporter Plus,...
PT-2025-26952
Name of the Vulnerable Software and Affected Versions: System Information Reporter SIR versions 1.0.3 and prior Description: A sensitive information exposure issue allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder. Recommendations: Fo...
PT-2025-26932 · WordPress · Drive Folder Embedder
Name of the Vulnerable Software and Affected Versions: Drive Folder Embedder plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers...
CVE-2025-48067
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the...
External Control of File Name or Path
Overview: OctoPrint is a snappy web interface for your 3D printer. Affected versions of this package are vulnerable to External Control of File Name or Path via the upload endpoints. An attacker with the FILEUPLOAD permission can move files from the host into the upload folder, from where they can ...
GO-2025-3740 Grafana vulnerable to authenticated users bypassing dashboard, folder permissions in github.com/grafana/grafana
Grafana vulnerable to authenticated users bypassing dashboard, folder permissions in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
Microsoft Windows 11 Version 24H2 Privilege Escalation
This vulnerability affects various versions of Microsoft Windows 11, including 24H2, 23H2, and 22H2, and Windows Server 2025. It targets improper access control in the Windows Cross Device Service, allowing a low-privileged local attacker to overwrite a critical DLL file...
CVE-2025-48961
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 Windows before build 39938...
FreeScout Security Bypass Vulnerability (CNVD-2025-20796)
FreeScout is an ultra-lightweight, free, open source helpdesk and shared inbox built by FreeScout using the PHP Laravel framework. FreeScout suffers from a security bypass vulnerability that is caused by incorrect configuration of the root folder of the object storage. An attacker could exploit the...