EUVD-2025-202958

The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nspshortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVE-2025-13747

The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nspshortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVE-2025-13747

CVE-2025-13747 : The NewStatPress WordPress plugin is vulnerable to Stored Cross-Site Scripting via a regex bypass in the nsp_shortcode function in all versions up to 1.4.3. Exploitation requires authentication at contributor level or higher and can inject scripts executed by users on injected pa...

PT-2025-50821

The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nsp shortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2015-3252

Malware in sbrugna...

Countering Follina Attack (CVE- 2022-30190) with Trellix Network Security Platform’s Advanced Detection Features

Countering Follina Attack CVE- 2022-30190 with Trellix Network Security Platform’s Advanced Detection Features By Trellix · July 19, 2022 This blog was also written by Chintan Shah Executive summary During the end of May 2022, independent security researcher reported a vulnerability assigned...

Countering Follina Attack (CVE- 2022-30190) with Trellix Network Security Platform’s Advanced Detection Features

Countering Follina Attack CVE- 2022-30190 with Trellix Network Security Platform’s Advanced Detection Features By Vinay Kumar and Chintan Shah · July 19, 2022 Executive summary During the end of May 2022, independent security researcher reported a vulnerability assigned CVE-2022-30190 in Microsof...

nsp-service.de Cross Site Scripting vulnerability OBB-2705394

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

The Bug Report – October Edition

ARCHIVED STORY The Bug Report – October Edition By Douglas McKee · November 02, 2021 Your Cyber Security Comic Relief Figure 1. Apache server version 2.4.50 CVE-2021-42013 Why am I here? Regardless of the origins, you’ve arrived at Advanced Threat Research team’s monthly bug digest – an overview ...

UPDATE: OWASP Dependency-Check 3.1.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.0! This release comes with...

SA144 : OpenSSH Vulnerabilities January 2017

SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker with access to an SSH server can exploit these vulnerabilities to execute arbitrary code on an SSH client. A local attacker can also exploit these vulnerabilities to obtain...

SA129 : Multiple libxml2 Vulnerabilities

SUMMARY Blue Coat products that include a vulnerable version of the libxml2 library are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code and cause denial of service through memory corruption. AFFECTED PRODUCTS The following...

Wireshark Denial-of-Service Vulnerability (Jan 2016) - Mac OS X

Wireshark is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

DEBIAN-CVE-2015-3182

epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service application crash via a crafted packet...

CVE-2015-3182

epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service application crash via a crafted packet...

Code injection

epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service application crash via a crafted packet...

CVE-2015-3182

epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service application crash via a crafted packet...

UBUNTU-CVE-2015-3182

epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service application crash via a crafted packet...

CVE-2015-3182

epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service application crash via a crafted packet...

CVE-2015-3182

CVE-2015-3182 affects Wireshark 1.10.12–1.10.14, where the DECnet NSP/RT dissector mishandles a strdup return value, allowing a remote attacker to crash the application via a crafted packet. Several connected advisories note upgrades to upstream Wireshark 1.10.14 (and later) to fix this and relat...