54815 matches found

NVD
added 2025/12/17 4:15 a.m., 3 views

CVE-2025-13977

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in all versions up to, and including, 6.5.3. This is due to insufficient input sanitization and output escaping in the Event...

6.4 CVSS, 0.00265 EPSS
Exploits 0, References 5

RedHat Linux
added 2025/12/17 3:51 a.m., 2 views

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use-after-free vulnerability exists in the Linux kernel wifi module in the cmp_bss function; an attacker could create a crafted payload to trigger it, leading to damage to the availability and integrity of the system...

7.8 CVSS, 5.8 AI score, 0.00152 EPSS
Exploits 0, References 5

CVE
added 2025/12/17 3:20 a.m., 37 views

CVE-2025-13977

The CVE-2025-13977 entry concerns the WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets. It is vulnerable to Stored Cross-Site Scripting in all versions up to 6.5.3, due to insufficient input sanitization and output escaping in the Event Calendar widget’s cus...

6.4 CVSS, 4.8 AI score, 0.00265 EPSS
Exploits 0, References 5

Fedora
added 2025/12/17 1:32 a.m., 6 views

[SECURITY] Fedora 42 Update: mod_md-2.6.6-1.fc42

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...

7.5 CVSS, 7 AI score, 0.00402 EPSS
Exploits 0

RedHat Linux
added 2025/12/17 1:18 a.m., 6 views

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use-after-free vulnerability exists in the Linux kernel wifi module in the cmp_bss function; an attacker could create a crafted payload to trigger it, leading to damage to the availability and integrity of the system...

7.8 CVSS, 5.8 AI score, 0.00152 EPSS
Exploits 0, References 5

RedhatCVE
added 2025/12/17 12:55 a.m., 6 views

CVE-2025-67747

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...

8.5 CVSS, 7.6 AI score, 0.00237 EPSS
Exploits 1, References 1

SUSE CVE
added 2025/12/17 12:25 a.m., 1 views

SUSE CVE-2025-68215

In the Linux kernel, the following vulnerability has been resolved: ice: fix PTP cleanup on driver removal in error path Improve the cleanup on releasing PTP resources in error path. The error case might happen either at the driver probe and PTP feature initialization or on PTP restart errors in...

5.5 CVSS, 6.5 AI score, 0.00166 EPSS
Exploits 0, References 10

SUSE CVE
added 2025/12/17 12:25 a.m., 1 views

SUSE CVE-2025-68216

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problem...

6.4 AI score, 0.00155 EPSS
Exploits 0, References 3

SUSE CVE
added 2025/12/17 12:24 a.m., 4 views

SUSE CVE-2025-68262

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstdstreams per-CPU contexts are freed in...

5.5 CVSS, 6.6 AI score, 0.00169 EPSS
Exploits 0, References 3

Positive Technologies
added 2025/12/17 12:0 a.m., 4 views

PT-2025-51979

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2025. Description: A security issue exists in ZZCMS 2025 related to the User Data Storage Module. A flaw within the /reg/user save.php file results in the storage of data in cleartext on a file or disk. Remote exploitation is...

5.1 CVSS, 3.6 AI score, 0.00175 EPSS
Exploits 0, References 9

CNNVD
added 2025/12/17 12:0 a.m., 4 views

Open Source Point of Sale Security Vulnerability

Open Source Point of Sale is an open source web-based point of sale system from opensourcepos. A security vulnerability exists in Open Source Point of Sale version v3.4.1, which stems from improper handling of the name parameter in the Create/Update Items module, which could lead to a cross-site...

7.2 CVSS, 6 AI score, 0.00465 EPSS
Exploits 1, References 3

Positive Technologies
added 2025/12/17 12:0 a.m., 7 views

PT-2025-51894

Name of the Vulnerable Software and Affected Versions: RIOT versions prior to 2025.10. Description: RIOT OS, designed for IoT and embedded devices, contains a flaw in its IPv6 fragmentation reassembly process. Specifically, the implementation lacks a size check when copying the first fragment offset...

9.8 CVSS, 8 AI score, 0.00817 EPSS
Exploits 1, References 9

Cvelist
added 2025/12/17 12:0 a.m., 25 views

CVE-2025-66921

A Cross-site scripting XSS vulnerability in Create/Update Items Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...

0.00465 EPSS
Exploits 1, References 2

CVE
added 2025/12/17 12:0 a.m., 10 views

CVE-2025-66921

CVE-2025-66921 describes a Cross-site scripting (XSS) vulnerability in the Open Source Point of Sale (OSPOS) v3.4.1, specifically in the Create/Update Item(s) Module. The issue arises from improper handling of the name parameter, allowing remote attackers to inject arbitrary web script or HTML. M...

7.2 CVSS, 5.5 AI score, 0.00465 EPSS
Exploits 1, References 2, Affected Software 1

Tenable Nessus
added 2025/12/17 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-68216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions i...

5.9 AI score, 0.00155 EPSS
Exploits 0, References 2

RedHat Linux
added 2025/12/16 11:13 p.m., 3 views

org.apache.kafka: Kafka JNDI Login Module RCE Vulnerability

A flaw was found in org.apache.kafka. The JndiLoginModule within the SASL authentication mechanism allows remote code execution and denial of service when misconfigured. This flaw allows an attacker to provide a malicious JNDI URI within the Kafka broker's configuration, permitting arbitrary code...

7.5 CVSS, 6.5 AI score, 0.00871 EPSS
Exploits 0, References 5

OSV
added 2025/12/16 6:31 p.m., 4 views

GHSA-VFM5-CR22-JG3M ABP Account Module has an Open Redirect through Improper validation in its register function

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

5.3 CVSS, 6.9 AI score, 0.00239 EPSS
Exploits 0, References 4

Github Security Blog
added 2025/12/16 6:31 p.m., 8 views

ABP Account Module has an Open Redirect through Improper validation in its register function

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

5.3 CVSS, 7 AI score, 0.00239 EPSS
Exploits 0, References 4, Affected Software 1

NVD
added 2025/12/16 6:16 p.m., 3 views

CVE-2025-65581

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

5.3 CVSS, 0.00239 EPSS
Exploits 0, References 2

OSV
added 2025/12/16 6:16 p.m., 5 views

CVE-2025-65581

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

5.3 CVSS, 6.9 AI score
Exploits 0, References 2