Security update for azure-cli-core

This update for azure-cli-core fixes the following issues: CVE-2025-24049: Fix improper neutralization of special elements used in a command which allows an unauthorized attacker to elevate privileges locally. bsc1239460 Patch Instructions: To install this SUSE update use the SUSE recommended...

CVE-2025-46699

Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

PT-2026-4435

Name of the Vulnerable Software and Affected Versions PenciDesign Penci Pay Writer versions through 1.5 Description The Penci Pay Writer software contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting XSS. This means that maliciou...

PT-2026-4406

Name of the Vulnerable Software and Affected Versions Israpil Textmetrics webtexttool versions through 3.6.3 Description A flaw exists in Israpil Textmetrics webtexttool that allows for code injection due to improper neutralization of script-related HTML tags on a web page. This is a Basic...

WordPress plugin Nelio Content has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-4446

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through = 1.2.8...

WordPress plugin Textmetrics has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin UX Flat security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

CVE-2025-67960

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through = 1.7.06...

CVE-2025-67614

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foreverpinetree TheNa thena allows Reflected XSS.This issue affects TheNa: from n/a through = 1.5.5...

CVE-2025-47600

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through = 8.3.7...

CVE-2026-22349 WordPress Menu In Post plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a through = 1.4.1...

CVE-2025-69003

CVE-2025-69003 corresponds to a Reflected XSS in QantumThemes KenthaRadio (qt-kentharadio) &lt;= 2.2.0. Technical detail: improper neutralization of input during web page generation enables reflected payloads. Affected product is KenthaRadio addon for Kentha Music Theme. Red Hat/NVD entries confi...

CVE-2025-68900 WordPress Enfold theme <= 7.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold allows DOM-Based XSS. This issue affects Enfold: from n/a through 7.1.3...

CVE-2025-68881

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal AppExperts appexperts allows SQL Injection.This issue affects AppExperts: from n/a through = 1.4.5...

CVE-2025-68838 WordPress MemberPress Discord Addon plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...

CVE-2025-68012

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/a through = 0.10.1...

CVE-2025-67960

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through = 1.7.06...

CVE-2025-67952

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a through 5.6.2...

CVE-2025-27005 WordPress HTML5 Video Player plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through = 5.3.5...