WordPress Widgets as Shortcodes plugin <= 5.9.10 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT) in WordPress Plugin Widgets as Shortcodes versions <= 5.9.10...
Improper Cleanup on Thrown Exception
Overview: org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when handling failed HTTP/2 requests with certain invalid HTTP priority headers. An attacker can trigger an OutOfMemoryExceptio...
Improper Cleanup on Thrown Exception
Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when handling failed HTTP/2 requests with certain invalid HTTP priority headers. An attacker can trigger an...
GHSA-3P2H-WQQ4-WF4H Apache Tomcat Denial of Service via invalid HTTP priority header
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial ...
DEBIAN-CVE-2025-31650
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial ...
UBUNTU-CVE-2025-31650
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial ...
CVE-2025-43857
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...
WordPress AI Autotagger plugin < 3.30.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin TaxoPress versions < 3.30.0...
Apache Tomcat Security Vulnerability
Apache Tomcat is a lightweight web application server from the American Apache Foundation. It is used to implement support for Servlet and JavaServer Pages (JSP). A security vulnerability exists in Apache Tomcat versions 9.0.76 through 9.0.102, 10.1.10 through 10.1.39, and 11.0.0-M2 through 11.0.5,...
WordPress Aeropage Sync for Airtable plugin <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Cheng Liu in WordPress Plugin Aeropage Sync for Airtable versions <= 3.2.0...
WordPress Integração entre Eduzz e Woocommerce plugin 1.5.0-1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Integração entre Eduzz e Woocommerce versions 1.5.0-1.7.5...
WordPress Service Finder Bookings plugin <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input' vulnerability
Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input' vulnerability discovered by Alyudin Nafiie in WordPress Plugin Service Finder Booking versions <= 5.1...
WordPress Mailing Group Listserv plugin <= 3.0.4 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by timomangcut in WordPress Plugin Mailing Group Listserv versions <= 3.0.4...
WordPress Fable Extra plugin <= 1.0.6 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by stealthcopter in WordPress Plugin Fable Extra versions <= 1.0.6...
WordPress My Custom Widgets plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by johska in WordPress Plugin My Custom Widgets versions <= 2.0.5...
WordPress EduMall Theme <= 4.2.4 is vulnerable to Local File Inclusion
Software: EduMall; Type: Theme; Vulnerable versions: <= 4.2.4; Fixed in: 4.3.0; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2025-2101; Patch priority: High; CVSS severity: High (8.1); PSID: ce27fee25f49; Credits: Tonn; Required privilege: Unauthenticated; Published ...
WordPress Mayosis Core plugin <= 5.4.1 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Tonn in WordPress Plugin Mayosis Core versions <= 5.4.1...
WordPress BM Content Builder plugin <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin BM Content Builder versions <= 3.16.2.1...
WordPress Prevent Direct Access plugin 2.8.6-2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions vulnerability
Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions vulnerability discovered by 0xbro in WordPress Plugin Prevent Direct Access versions 2.8.6-2.8.8.2...
WordPress eForm plugin <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by shaman0x01 in WordPress Plugin eForm - WordPress Form Builder versions <= 4.18.0...