19 matches found
EUVD-2025-10680
Malicious code in bioql PyPI...
EUVD-2024-17267
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-23386
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root. This issue affects...
CVE-2024-1519
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...
CVE-2025-23386
An Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root. This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1...
UBUNTU-CVE-2025-23386
An Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root. This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1...
CVE-2025-23386
CVE-2025-23386 concerns a privilege escalation in openSUSE Tumbleweed's Gerbera package. The issue is described as an Incorrect Default Permissions vulnerability that allows the service user gerbera to escalate to root, affecting gerbera on openSUSE Tumbleweed prior to 2.5.0-1.1. CVSS indicates a...
CVE-2025-23386 gerbera: Privilege escalation from user gerbera to root because of insecure %post script
An Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root. This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1...
gerbera-2.5.0-1.1 on GA media (moderate)
gerbera-2.5.0-1.1 on GA media. Announcement ID: openSUSE-SU-2025:14864-1. Rating: moderate. Cross-References: CVE-2025-23386. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the gerbera-2.5.0-1.1...
PT-2025-15967 · Gerbera · Gerbera
Name of the Vulnerable Software and Affected Versions: gerbera versions prior to 2.5.0-1.1. Description: A vulnerability in the gerbera package on openSUSE Tumbleweed allows the service user gerbera to escalate to root. Recommendations: For versions prior to 2.5.0-1.1, update to version 2.5.0-1.1 ...
OPENSUSE-SU-2025:14864-1 gerbera-2.5.0-1.1 on GA media
These are all security issues fixed in the gerbera-2.5.0-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2025-23386
An Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root. This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1...
CVE-2024-1519
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...
CVE-2024-1519
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...
Cross site scripting
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...
CVE-2024-1519 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...
CVE-2024-1519 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...
ProfilePress < 4.15.0 - Unauthenticated Stored XSS
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the 'name' parameter due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This...
PT-2024-18107 · WordPress · Profilepress
Name of the Vulnerable Software and Affected Versions: ProfilePress plugin for WordPress versions up to, and including, 4.14.4. Description: The issue is related to Stored Cross-Site Scripting via the name parameter due to insufficient input sanitization and output escaping. This allows...