CVE-2025-9161
CVE-2025-9161 affects the FactoryTalk Optix MQTT broker. The vulnerability stems from insufficient URI sanitization, which allows loading of remote Mosquitto plugins and can lead to remote code execution. Documented impact is remote code execution; exploitation details are not provided in the supp...
CVE-2025-9161 Rockwell Automation FactoryTalk Optix Remote Code Execution Vulnerability
A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquitto plugins, which can be used to achieve remote code execution...
PT-2025-36730
Name of the Vulnerable Software and Affected Versions: FactoryTalk Optix affected versions not specified Description: A security issue exists in FactoryTalk Optix MQTT broker due to insufficient URI sanitization. This flaw allows the loading of remote Mosquitto plugins, potentially leading to remo...
thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker is able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different...
jaeles
This is a powerful, flexible, and easily extensible framework written in Go for building your own Web Application Scanner. The framework is called Jaeles and is designed to be highly customizable. It has a modular architecture, allowing users to easily add or remove plugins to suit their needs. T...
CVE-2025-58625
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS. This issue affects WP Flow Plus: from n/a through <= 5.2.5...
CVE-2025-58623
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bohemia Plugins Event Feed for Eventbrite event-feed-for-eventbrite allows DOM-Based XSS. This issue affects Event Feed for Eventbrite: from n/a through <= 1.3.2...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +219 more potentially affected by CVE-2024-10492 +1 more via org.keycloak:keycloak-services (>=10.0.0 <=9.0.3)
org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =0.1, =0.1, =1.0.1, =0.1, =1.0.1, =0.1, =1.2.0, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
org.jenkins-ci.plugins:build-metrics (>=1.0 <=1.3) potentially affected by CVE-2025-58459 via org.jenkins-ci.plugins:global-build-stats (=1.2)
org.jenkins-ci.plugins:global-build-stats MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:global-build-stats and may be impacted: - org.jenkins-ci.plugins:build-metrics =1.0, =1.3 Source cves: CVE-2025-58459...
au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), com.coravy.hudson.plugins.github:github (>=1.41.0 <=1.45.0) +35 more potentially affected by CVE-2025-58458 via org.jenkins-ci.plugins:git-client (>=6.1.0 <=6.3.0)
org.jenkins-ci.plugins:git-client MAVEN version =6.1.0, =37.v0d3157c4aef8, =1.41.0, =61.vf6d8f6f5ed02, =1.1.0.825.v30618768da42, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =3.2083.vd36f32376929, =530.v38d502df428f, =634.v371dc6d978a3, =718.v40b5f0e67cd3,...
CVE-2025-58613
Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort posts-data-table allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Table with Search & Sort: from n/a through <= 1.4.10...
WordPress Posts Table with Search & Sort Plugin <= 1.4.10 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Bao - BlueRock in WordPress Plugin Posts Table with Search & Sort versions <= 1.4.10...
PT-2025-35756
Name of the Vulnerable Software and Affected Versions: Bohemia Plugins Event Feed for Eventbrite versions through 1.3.2 Description: The software contains a DOM-Based Cross-site Scripting XSS issue due to improper neutralization of input during web page generation. Recommendations: Update Bohemia...
CVE-2025-0951
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...
Linux Distros Unpatched Vulnerability : CVE-2023-45133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to...
CVE-2025-8147 LWSCache <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function
The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-8147
The CVE-2025-8147 entry concerns the WordPress LWSCache plugin (versions up to and including 2.8.5). The underlying issue is improper authorization in the lwscache_activatePlugin() function, allowing authenticated users with Subscriber-level access and above to activate arbitrary whitelisted LWS ...
PT-2025-35187
Name of the Vulnerable Software and Affected Versions: LWSCache plugin for WordPress versions up to and including 2.8.5 Description: The LWSCache plugin for WordPress is susceptible to unauthorized data modification because of insufficient authorization within the lwscache_activatePlugin function...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 18, 2025 to August 24, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards for all in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...