org.apache.causeway.core:causeway-core-config (=4.0.0-M1), org.apache.causeway.core:causeway-core-interaction (=4.0.0-M1) +105 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-applib (=4.0.0-M1)
org.apache.causeway.core:causeway-applib MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-applib and may be impacted: - org.apache.causeway.core:causeway-core-config =4.0.0-M1 -...
CVE-2025-8386
The vulnerability, if exploited, could allow an authenticated miscreant with privilege of "aaConfigTools" to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that, when executed by a victim user, can result in horizontal or vertical escalation of privileges. The...
MGASA-2025-0297 Updated yelp & yelp-xsl packages fix security vulnerability
The GNOME user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155...
EUVD-2024-26050
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing...
CVE-2025-8386 AVEVA Application Server IDE Basic Cross-site Scripting
The vulnerability, if exploited, could allow an authenticated miscreant with privilege of "aaConfigTools" to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that, when executed by a victim user, can result in horizontal or vertical escalation of privileges. The...
EUVD-2025-197662
The vulnerability, if exploited, could allow an authenticated miscreant with privilege of "aaConfigTools" to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that, when executed by a victim user, can result in horizontal or vertical escalation of privileges. The...
PT-2025-47034
Name of the Vulnerable Software and Affected Versions: Application Server (affected versions not specified). Description: An authenticated attacker with “aaConfigTools” privilege can modify App Objects’ help files, potentially leading to a persistent cross-site scripting (XSS) injection. Successful...
AVEVA Application Server IDE
RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to tamper with help files and inject cross-site scripting (XSS) code. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
WordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Kim YunJi in WordPress Plugin Chat Help versions <= 3.1.3...
.NET 9.0 Update - November 11, 2025 (KB5071067)
.NET 9.0 Update - November 11, 2025 (KB5071067). .NET 9.0 has been refreshed with the latest update as of November 11, 2025. This update contains non-security fixes. See the release notes for details about updated packages. .NET 9.0 servicing updates are upgrades. The latest servicing update for 9.0...
EUVD-2025-44031
Malicious code in web-vitals-help npm...
Malicious Package
Overview: web-vitals-help is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-55021 Malicious code in web-vitals-help (npm)
Source: amazon-inspector 204b3a82026288b65a149e983d855812d21ccc8c61952dcb037c926c2b3a3452 The package web-vitals-help was found to contain malicious code. Source: ghsa-malware 93e30ad20be59206c5d91e0d2bff19f6c6969c69dc3ebc477ae0c980cc3d242...
CVE-2025-12410
The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the sh_contextual_help_dashboard_widget function. This makes it possible for unauthenticated attackers to update...
WordPress SH Contextual Help plugin <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin SH Contextual Help versions <= 3.2.1...
CVE-2025-12410
CVE-2025-12410 affects the WordPress plugin SH Contextual Help (WordPress SH Contextual Help) up to version 3.2.1. The vulnerability is a CSRF flaw caused by missing or incorrect nonce validation in the function sh_contextual_help_dashboard_widget(), allowing unauthenticated attackers to forge re...