9282 matches found
CVE-2025-8100
The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
PT-2025-32386 · Mitel · Micollab +1
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP2 9.8.2.12 Description: A vulnerability exists in the NuPoint Unified Messaging NPM component that could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input...
CVE-2025-3320
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash...
CVE-2025-3320
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash...
CVE-2025-3354
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash...
CVE-2025-8100
The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2025-8100
The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2025-8100 Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content
The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2025-8100 Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content
The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
WordPress plugin Element Pack Elementor Addons and Templates 跨站脚本漏洞
WordPress Element Pack Elementor Addons and Templates is a powerful plugin for Elementor designed to simplify website design. A cross-site scripting vulnerability exists in WordPress Element Pack Elementor Addons and Templates, which stems from insufficient input cleanup and output escaping of th...
PT-2025-32099 · WordPress · Elementskit Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: Element Pack Elementor Addons and Templates versions through 8.1.5 Description: The Element Pack Elementor Addons and Templates plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and outp...
WordPress Element Pack Elementor Addons plugin <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Open Street Map Widget Marker Content vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 8.1.5...
CVE-2025-54584
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...
CVE-2025-33118
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
IBM DB2 DoS (7240947) (Windows)
According to it self-reported version number, IBM Db2 is affected by denial of service vulnerability. - IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. CVE-2025-2533 Note that Nessus...
IBM QRadar SIEM 跨站脚本漏洞
IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
CVE-2025-54584
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...
GitProxy Backfile Parsing Exploit
Summary An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended...
GHSA-XXMH-RF63-QWJV GitProxy Backfile Parsing Exploit
Summary An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended...
PT-2025-31443 · Gitproxy · Git-Proxy
Name of the Vulnerable Software and Affected Versions: GitProxy versions 1.19.1 and below Description: GitProxy is an application that acts as an intermediary between developers and a Git remote endpoint. A crafted malicious Git packfile can exploit the PACK signature detection in the parsePush.t...