56 matches found
PT-2026-43934
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the DAMON core where the damos quota goal-nid value for node memcg used bp and node memcg free bp is not validated before being used in the NODE-DATA macro. This allow...
On the Security of Research Artifacts
Research artifacts are widely shared to support reproducibility, and artifact evaluation AE has become common at many leading conferences. However, AE mainly checks whether artifacts work as claimed and can be reproduced. It largely overlooks potential security risks. Since these artifacts are...
Threat landscape for industrial automation systems in Q4 2025
Statistics across all threats The percentage of ICS computers on which malicious objects were blocked has been decreasing since the beginning of 2024. In Q4 2025, it was 19.7%. Over the past three years, the percentage has decreased by 1.36 times, and by 1.25 times since Q4 2023. Percentage of IC...
CVE-2025-12715
The Canadian Nutrition Facts Label plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'percentage' field in the Nutrition Label custom post type in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2025-201524
The Canadian Nutrition Facts Label plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'percentage' field in the Nutrition Label custom post type in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12715 Canadian Nutrition Facts Label <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nutrition Label Custom Post Type
The Canadian Nutrition Facts Label plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'percentage' field in the Nutrition Label custom post type in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12715
CVE-2025-12715 concerns the WordPress plugin Canadian Nutrition Facts Label . It enables a Stored Cross‑Site Scripting (XSS) via the percentage field in the plugin’s Nutrition Label custom post type, affecting all versions up to 3.0. The vulnerability can be exploited by authenticated attackers w...
PT-2025-49334
The Canadian Nutrition Facts Label plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'percentage' field in the Nutrition Label custom post type in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-7730
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
EUVD-2025-35733
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-7730
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-7730 Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-7730 Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-7730
CVE-2025-7730 - Bold Page Builder (WordPress) Stored XSS : Wordfence reports a stored cross-site scripting vulnerability in Bold Page Builder up to version 5.4.5, exploitable by authenticated users with Contributor+ permissions via the percentage parameter. The flaw arises from insufficient input...
WordPress Bold Page Builder plugin <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via percentage Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Bold Page Builder versions = 5.4.5...
WordPress plugin Bold Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2025-32910
Malicious code in v0-runtime npm...
CVE-2025-11404
SourceCodester Hotel and Lodge Management System 1.0 is affected by CVE-2025-11404 due to an SQL injection in the /pages/save_tax.php file, caused by improper handling of the percentage parameter. An attacker can remotely exploit this vulnerability, and public disclosures exist. The vulnerability...
PT-2025-41153
Name of the Vulnerable Software and Affected Versions SourceCodester Hotel and Lodge Management System version 1.0 Description A flaw exists in SourceCodester Hotel and Lodge Management System 1.0, specifically within the /pages/save tax.php file. Manipulation of the percentage argument can resul...
IT threat evolution in Q2 2025. Mobile statistics
IT threat evolution in Q2 2025. Mobile statistics IT threat evolution in Q2 2025. Non-mobile statistics The mobile section of our quarterly cyberthreat report includes statistics on malware, adware, and potentially unwanted software for Android, as well as descriptions of the most notable threats...