3381 matches found
CVE-2025-66686
A stored Cross-Site Scripting XSS vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
CVE-2025-66686
A stored Cross-Site Scripting XSS vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
CVE-2025-66686
The CVE describes a stored Cross-Site Scripting (XSS) flaw in Perch CMS version 3.2. An attacker with administrative privileges can inject malicious JavaScript into the “Help button url” in the admin panel; the payload is stored and executes when any authenticated user clicks the Help button. Imp...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.4...
SUSE CVE-2022-50779
In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefspreparedebugfshelpstring When insert and remove the orangefs module, then debughelpstring will be leaked: unreferenced object 0xffff8881652ba000 size 4096: comm "insmod", pid 1701, jiffies...
CVE-2022-50779
In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefspreparedebugfshelpstring When insert and remove the orangefs module, then debughelpstring will be leaked: unreferenced object 0xffff8881652ba000 size 4096: comm "insmod", pid 1701, jiffies...
CVE-2022-50779
The CVE-2022-50779 issue affects the Linux kernel’s orangefs integration. The vulnerability is a memory leak in the orangefs_prepare_debugfs_help_string() path: when the orangefs module is inserted and removed, the debug_help_string is leaked from kmemleak. The root cause is failure to consistent...
CVE-2022-50779 orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefspreparedebugfshelpstring When insert and remove the orangefs module, then debughelpstring will be leaked: unreferenced object 0xffff8881652ba000 size 4096: comm "insmod", pid 1701, jiffies...
PT-2025-53145
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak was identified within the orangefs module in the Linux kernel, specifically in the orangefs prepare debugfs help string function. This leak occurs during the insertion and...
ROS-20251215-7314
A vulnerability in the Yelp help system is related to the inclusion of functions from an invalid controlled scope when processing documents using the ghelp schema. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information and execute...
Security update for yelp
This update for yelp fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
WordPress Chat Help plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Chat Help plugin, which can be exploited by an attacker to leverage an incorrectly configured access control securi...
CVE-2025-66099
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through = 3.1.3...
CVE-2025-66099
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through = 3.1.3...
CVE-2025-66099 WordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through = 3.1.3...
CVE-2025-66099 WordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through = 3.1.3...
CVE-2025-66099
CVE-2025-66099 concerns a missing authorization vulnerability in the WordPress Chat Help plugin (WordPress). The connected sources describe a Broken/Missing Access Control issue allowing exploitation due to an incorrectly configured access control security level, affecting plugin versions ≤ 3.1.3...
EUVD-2025-198450
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through = 3.1.3...
PT-2025-47766
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through = 3.1.3...
WordPress plugin Chat Help 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Chat Help plugin, which can be exploited by an attacker to leverage an incorrectly configured access control securi...