6654 matches found

Vulnrichment
added 2025/02/11 7:30 a.m. | 4 views

CVE-2024-13643 Zox News <= 3.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Modification

The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on the backupoptions and resetoptions functions i...

CVSS 8.8 | AI score 8.9 | EPSS 0.00091
Exploits: 0 | References: 3

Tenable Nessus
added 2025/02/10 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-45009)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45009 advisory. - In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement addaddraccepte...

CVSS 5.5 | AI score 6 | EPSS 0.00019
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/08 2:25 p.m. | 4 views

CVE-2025-1076

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

CVSS 4.8 | AI score 5.9 | EPSS 0.00122
Exploits: 0 | References: 3

NVD
added 2025/02/07 12:15 a.m. | 6 views

CVE-2025-0675

Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure...

CVSS 8.7 | EPSS 0.00098
Exploits: 1 | References: 1

CNNVD
added 2025/02/07 12:0 a.m. | 1 views

Elber Communications Equipment Security Vulnerability

Elber Communications Equipment is a communications equipment from Elber Corporation. A security vulnerability exists in Elber Communications Equipment that stems from the presence of unauthenticated device configurations and the disclosure of hidden client functionality...

CVSS 8.7 | AI score 6.5 | EPSS 0.00098
Exploits: 1 | References: 1

Tenable Nessus
added 2025/02/07 12:0 a.m. | 4 views

Cisco Secure Email Gateway Privilege Escalation (cisco-sa-esa-sma-wsa-multi-yKUJhS34)

According to its self-reported version, Secure Email Gateway is affected by a vulnerability. - A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance coul...

CVSS 6.7 | AI score 5.9 | EPSS 0.00022
Exploits: 0 | References: 3

Cvelist
added 2025/02/06 11:43 p.m. | 12 views

CVE-2025-0675 Elber Communications Equipment Hidden Functionality

Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure...

CVSS 8.7 | EPSS 0.00098
Exploits: 1 | References: 1

Vulnrichment
added 2025/02/06 11:43 p.m. | 4 views

CVE-2025-0675 Elber Communications Equipment Hidden Functionality

Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure...

CVSS 8.7 | AI score 7.6 | EPSS 0.00098
Exploits: 1 | References: 1

CVE
added 2025/02/06 11:43 p.m. | 60 views

CVE-2025-0675

CVE-2025-0675 affects Elber products (Elber Communications Equipment). The public records describe an authentication bypass that enables unauthorized access to password management, effectively allowing attackers to overwrite any user password and gain access to protected areas of affected devices...

CVSS 8.7 | AI score 7.6 | EPSS 0.00098
Exploits: 1 | References: 1

NVD
added 2025/02/06 2:15 p.m. | 11 views

CVE-2025-1076

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

CVSS 4.8 | EPSS 0.00122
Exploits: 0 | References: 1

CVE
added 2025/02/06 1:33 p.m. | 56 views

CVE-2025-1076

CVE-2025-1076 describes a Stored XSS vulnerability in Holded’s application, affecting the editable name and icon fields within the Activities feature. The root cause is storing a JavaScript payload in those parameters, enabling an attacker to inject script via standard input fields. The issue is ...

CVSS 4.8 | AI score 4.9 | EPSS 0.00122
Exploits: 0 | References: 1

Cvelist
added 2025/02/06 1:33 p.m. | 12 views

CVE-2025-1076 Stored Cross-Site Scripting vulnerability in Holded

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

CVSS 4.8 | EPSS 0.00122
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/06 1:33 p.m. | 5 views

CVE-2025-1076 Stored Cross-Site Scripting vulnerability in Holded

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

CVSS 4.8 | AI score 6 | EPSS 0.00122
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 1:16 a.m. | 11 views

CVE-2022-21217

An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 9.8 | AI score 6.8 | EPSS 0.00437
Exploits: 0 | References: 1

Positive Technologies
added 2025/02/06 12:0 a.m. | 2 views

PT-2025-5894 · Elber · Elber

Name of the Vulnerable Software and Affected Versions: Elber products (affected versions not specified). Description: The issue concerns an unauthenticated device configuration and client-side hidden functionality disclosure in Elber products. Recommendations: At the moment, there is no information...

CVSS 8.7 | AI score 6.1 | EPSS 0.00098
Exploits: 1 | References: 13

RedhatCVE
added 2025/02/05 11:30 p.m. | 10 views

CVE-2022-41014

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 9.8 | AI score 7.6 | EPSS 0.0349
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 10:45 p.m. | 7 views

CVE-2022-36060

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVSS 8.2 | AI score 6.5 | EPSS 0.00212
Exploits: 0

RedhatCVE
added 2025/02/05 7:46 p.m. | 7 views

CVE-2022-40990

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 9.8 | AI score 7.6 | EPSS 0.01406
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 6:16 p.m. | 7 views

CVE-2017-20067

A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack can be launched...

CVSS 9.8 | AI score 7.2 | EPSS 0.00223
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 6:0 p.m. | 5 views

CVE-2019-14417

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality...

CVSS 9 | AI score 7.6 | EPSS 0.0047
Exploits: 0 | References: 1