9267 matches found
EUVD-2025-197969
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...
CVE-2025-13196
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...
CVE-2025-13196 Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...
CVE-2025-13196 Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...
CVE-2025-13196
CVE-2025-13196 (Element Pack Addons for Elementor, WordPress) The vulnerability is a Stored Cross-Site Scripting flaw in the Open Street Map widget’s marker content parameter, affecting all versions up to 8.3.4. Authentication is required (contributors or higher) to inject scripts that execute fo...
WordPress Element Pack Addons for Elementor plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Open Street Map widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 8.3.4...
WordPress plugin Element Pack Addons for Elementor 跨站脚本漏洞
WordPress Element Pack Addons for Elementor plugin is an extension plugin designed for Elementor page builder that provides rich feature modules and templates for creating professional web designs. The WordPress Element Pack Addons for Elementor plugin suffers from a cross-site scripting...
PT-2025-47287
Name of the Vulnerable Software and Affected Versions Element Pack Addons for Elementor plugin for WordPress versions up to and including 8.3.4 Description The Element Pack Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Open Street Map widget’s...
WordPress All in One SEO plugin <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Media Deletion vulnerability discovered by shark3y in WordPress Plugin All In One SEO Pack versions = 4.8.9...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-58754)
Summary IBM Security SOAR uses an older version of axios that may be identified and exploited. Updates for supported versions have been released which address this issue. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When...
CLSA-2025-1763124681 Fix CVE(s): CVE-2025-62168
SECURITY UPDATE: information disclosure vulnerability in error handling - debian/patches/CVE-2025-62168.patch: Fix HttpRequest::pack function to handle sensitive data by including a parameter for masking sensitive information - CVE-2025-62168...
CVE-2025-31146
Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack software before version 1.5.1.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable...
SUSE SLES15 Security Update : kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2025:4078-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4078-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.91 fixes various security issues The following security issues were fixed: -...
Security update for the Linux Kernel (Live Patch 60 for SUSE Linux Enterprise 15 SP3)
This update for the SUSE Linux Enterprise kernel 5.3.18-150300.59.215 fixes various security issues The following security issues were fixed: CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path bsc1249841. CVE-2022-50252: igb: Do not free qvector unless new one was allocated bsc1249847...
EUVD-2025-93491
Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack software before version 1.5.1.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable...
CVE-2025-31146
Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack software before version 1.5.1.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable...
CVE-2025-31146
Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack software before version 1.5.1.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable...
CVE-2025-31146
Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack software before version 1.5.1.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable...
Description of the security update for SharePoint Server 2016: November 11, 2025 (KB5002805)
Description of the security update for SharePoint Server 2016: November 11, 2025 KB5002805 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're...
PT-2025-46418
Name of the Vulnerable Software and Affected Versions Intel Ethernet Adapter Complete Driver Pack versions prior to 1.5.1.0 Description A time-of-check time-of-use race condition exists in some Intel Ethernet Adapter Complete Driver Pack software within Ring 3: User Applications. This may allow f...