EUVD-2025-208745

Cross Site scripting vulnerability XSS in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts...

libcoap 安全漏洞

libcoap is a C implementation of a lightweight application protocol open-sourced by obgm. A security vulnerability exists in libcoap version 4.3.5 and earlier, which stems from a stack buffer overflow during address parsing and could lead to a crash or remote code execution...

EUVD-2025-201786

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This...

SUSE CVE-2025-65501

Null pointer dereference in coapdtlsinfocallback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSLgetappdata returns NULL...

DEBIAN-CVE-2025-65500

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

CVE-2025-65493

NULL pointer dereference in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIOgetdata to return NULL...

CVE-2025-65495

CVE-2025-65495 affects libcoap 4.3.5. The issue is a signedness error in tls_verify_call_back() inside src/coap_openssl.c that can allow a remote attacker to trigger a denial of service by sending a crafted TLS certificate, causing i2d_X509() to return -1 and be misused as a malloc() size. Public...

Linux Distros Unpatched Vulnerability : CVE-2025-65495

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer signedness error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS...

Linux Distros Unpatched Vulnerability : CVE-2025-65499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Array index error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS...

libcoap 安全漏洞

libcoap is a C implementation of a lightweight application protocol open-sourced by obgm. A security vulnerability exists in libcoap version 4.3.5, which stems from a null pointer dereference in the coapdtlsgeneratecookie function in src/coapopenssl.c, which could lead to a denial of service atta...

CVE-2025-65497

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

CVE-2025-65500

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

CVE-2025-57928

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Code Injection.This issue affects AWP Classifieds: from n/a through = 4.4.3...

WordPress plugin WpEvently 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

CVE-2024-9428

The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2023-29203 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.2 through 7.4.3.53 Liferay DXP 7.4 before update 54 Description: The issue concerns multiple stored cross-site scripting XSS vulnerabilities in the fragment components. These vulnerabilities allow remote attackers ...

2022-10 Cumulative Update for Windows 10 Version 20H2 for ARM64-based Systems (KB5020435)

2022-10 Cumulative Update for Windows 10 Version 20H2 for ARM64-based Systems KB5020435...