1671 matches found
CVE-2025-34294
...
CVE-2025-62985
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through = 1.6.3...
PT-2025-44187
Name of the Vulnerable Software and Affected Versions Wazuh affected versions not specified Description A time-of-check/time-of-use TOCTOU race condition exists in the File Integrity Monitoring FIM component when automatic threat removal is enabled. This can allow a local, low-privileged attacker...
CVE-2025-62985
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through = 1.6.3...
EUVD-2025-35960
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through = 1.6.3...
CVE-2025-62985 WordPress Simple Pull Quote plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through = 1.6.3...
CVE-2025-62985
CVE-2025-62985 is a stored XSS in the WordPress plugin Simple Pull Quote (versions
CVE-2025-62985 WordPress Simple Pull Quote plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through = 1.6.3...
WordPress plugin Simple Pull Quote 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...
Metasploit Wrap-Up 10/24/2025
Let us suggest persistence… This week's edition brings the new persistence suggester from h00die. Similar to the exploit variant, this module will list the available persistence mechanisms for your selected target. The module requires a session to target the machine, so it can run check methods...
WordPress Simple Pull Quote plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Pull Quote versions = 1.6.3...
GHSA-JFX9-29X2-RV3J pypdf can exhaust RAM via manipulated LZWDecode streams
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. Patches This has been fixed in pypdf==6.1.3. Workarounds If you cannot upgrade yet, consider applying the changes from P...
BIT-GIT-LFS-2025-26625 Git LFS may write to arbitrary files via crafted symlinks
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
CVE-2025-26625
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
Git LFS may write to arbitrary files via crafted symlinks
Impact When populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. Git LFS has resolved this...
CVE-2025-26625 Git LFS may write to arbitrary files via crafted symlinks
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
CVE-2025-26625 Git LFS may write to arbitrary files via crafted symlinks
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
CVE-2025-26625
Git LFS CVE-2025-26625 affects versions 0.5.2–3.7.0. When populating a working tree (and in bare repositories), git lfs checkout and git lfs pull may write to files outside the repository if crafted symbolic or hard links collide with paths tracked by Git LFS. The root cause is lack of checks for...
CVE-2025-26625 Git LFS may write to arbitrary files via crafted symlinks
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
CVE-2025-26625
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...