7 matches found
EUVD-2024-50378
Malicious code in bioql PyPI...
PT-2025-27618 · Infinera · Infinera G42
Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3. Description: The issue is related to insufficient input validation in the WebGUI CLI web interface of the Infinera G42 appliance. This allows remote authenticated users to read all OS files via crafted CLI commands...
CVE-2025-1665
The connected Red Hat CVE entry confirms CVE-2025-1665 affects Avada (Fusion) Builder for WordPress, enabling Stored Cross-Site Scripting via multiple shortcodes in all versions up to 3.11.14 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (c...
Server Side Request Forgery (SSRF)
composiocore is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient input validation in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint, which allows an attacker to manipulate server-side requests and access internal resources...
CVE-2024-12118 The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the htmltag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2018-19214
Netwide Assembler NASM 2.14rc15 has a heap-based buffer over-read in expandmmacparams in asm/preproc.c for insufficient input...
[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution
Debian Security Advisory DSA-1897-1 [email protected] http://www.debian.org/security/ Nico Golde September 28th, 2009 http://www.debian.org/security/faq -...