RHEL 7 : openstack-nova (RHSA-2016:0364)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0364 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...
CVE-2025-3556
A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be...
CVE-2025-30166
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page...
ABB MV Drives
SUMMARY Multiple vulnerabilities regarding the CODESYS Runtime System from CODESYS Group have been publicly reported. CODESYS Runtime System v.3.5.15.0 is utilized in the firmware of ABB MV ACS6080 and ACS5000 drives to provide IEC 61131 programming capabilities. These vulnerabilities could lead...
Cross-Site Scripting (XSS)
publifycore is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input sanitization in the redirect functionality, allowing a publisher to execute scripts in an administrator's browser...
CVE-2025-3489 Nababur Simple-User-Management-System register.php cross site scripting
A vulnerability was found in Nababur Simple-User-Management-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument name/username leads to cross site scripting. The attack may be launched...
CVE-2025-31012 WordPress Age Gate plugin <= 3.5.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Phil Age Gate age-gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through <= 3.5.4...
CVE-2025-31012
CVE-2025-31012 describes a Missing Authorization vulnerability in the WordPress plugin “Age Gate,” affecting versions up to 3.5.4. The root cause is missing authorization checks, allowing access to functionality unconstrained by ACLs. The Wordfence vulnerability entry confirms this issue and note...
Containerd Find Exclude Path Detect (Linux)
Binary data containerddetect.nbin...
GHSA-X82R-6J37-VRGG Pimcore's Admin Classic Bundle allows HTML Injection
Summary An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. Details The vulnerability was discovered in the...
Pimcore's Admin Classic Bundle allows HTML Injection
Summary An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. Details The vulnerability was discovered in the...
CVE-2025-30166 Pimcore's Admin Classic Bundle allows HTML Injection
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page...
CVE-2025-30166
CVE-2025-30166 affects Pimcore’s Admin Classic Bundle. An HTML injection vulnerability resides in the /admin/email/send-test-email endpoint’s content parameter, allowing authenticated users with email-sending access to inject HTML into emails, potentially leaking session cookies or altering page ...
Update 23.18 for Microsoft Dynamics 365 Business Central 2023 Release Wave 2 (Application Build 23.18.32409, Platform Build 23.0.32309)
Update 23.18 for Microsoft Dynamics 365 Business Central 2023 Release Wave 2 Application Build 23.18.32409, Platform Build 23.0.32309 Overview This update replaces previously released updates. You should always install the latest update. This update also fixes a vulnerability. For more informatio...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2025:1149-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1149-1 advisory. - CVE-2024-44192: Fixed unexpected process crash due to processing maliciously crafted web conte...
PT-2025-15349
Name of the Vulnerable Software and Affected Versions: SMR versions prior to Apr-2025 Release 1 Description: The issue is related to an out-of-bounds read in enrollment with the cdsp frame secfr trustlet. This allows local privileged attackers to read out-of-bounds memory. Recommendations: For...
CVE-2025-3187 PHPGurukul e-Diary Management System login.php sql injection
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument logindetail leads to sql injection. The attack may be launched remotely. The exploit...