WordPress Passbeemedia Web Push Notification plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Passbeemedia Web Push Notification versions = 1.0.0...

CVE-2025-25092

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through = 1.5.3...

CVE-2025-23556

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in netbitsolutions Push Envoy Notifications push-envoy allows Reflected XSS.This issue affects Push Envoy Notifications: from n/a through = 1.0.0...

CVE-2025-25092 WordPress All push notification for WP plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through = 1.5.3...

CVE-2025-25092

CVE-2025-25092 is a reflected XSS in the WordPress plugin “All push notification for WP” (affecting versions up to 1.5.3). The issue arises from improper input neutralization during web-page generation, enabling reflected malicious input to be executed in a victim’s browser. Reported CVSSv3.1 bas...

CVE-2025-23556 WordPress Push Envoy Notifications plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in netbitsolutions Push Envoy Notifications push-envoy allows Reflected XSS.This issue affects Push Envoy Notifications: from n/a through = 1.0.0...

CVE-2025-23556

CVE-2025-23556 concerns a reflected Cross-Site Scripting (XSS) in the WordPress Push Envoy Notifications plugin

WordPress plugin Push Envoy Notifications 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress plugin All push notification for WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

GHSA-7WRW-R4P8-38RX vulnerabilities

Vulnerabilities for packages: docker-compose, petname, nri-f5, aws-flb-kinesis, bank-vaults, helm, kubernetes-dashboard-metrics-scraper, kuberlr, hcloud, aws-flb-cloudwatch, falcosidekick, flux-kustomize-controller, golangci-lint, crossplane-provider-aws, cloud-provider-aws, regclient, cortex,...

Denial of Service via malicious Web Push endpoint

Prior to version 0.10.3, the built-in clients of the web-push crate eagerly allocated memory based on the Content-Length header returned by the Web Push endpoint. Malicious Web Push endpoints could return a large Content-Length without ever having to send as much data, leading to denial of servic...

RUSTSEC-2025-0015 Denial of Service via malicious Web Push endpoint

Prior to version 0.10.3, the built-in clients of the web-push crate eagerly allocated memory based on the Content-Length header returned by the Web Push endpoint. Malicious Web Push endpoints could return a large Content-Length without ever having to send as much data, leading to denial of servic...

CVE-2025-23771

Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push Notification for Post and BuddyPress: from n/a through = 2.11...

CVE-2025-23771 WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability

Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push Notification for Post and BuddyPress: from n/a through = 2.11...

CVE-2025-23771

CVE-2025-23771 describes a Missing Authorization vulnerability in the WordPress plugin Push Notification for Post and BuddyPress (Murali Push Notification for Post and BuddyPress). Affected versions are from n/a through 2.11. The issue stems from incorrectly configured access control levels, enab...

WordPress plugin Push Notification for Post and BuddyPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Astra Linux – Vulnerability in OpenVPN

Before version 2.6.11, OpenVPN did not properly sanitize PUSHREPLY messages. This vulnerability could be exploited by attackers who control the server, allowing them to inject unexpected arbitrary data into client logs...

Azure Linux 3.0 Security Update: cmake / curl / mysql (CVE-2024-2398)

The version of cmake / curl / mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2398 advisory. - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of...

CVE-2025-23720

Cross-Site Request Forgery CSRF vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS.This issue affects Web Push: from n/a through = 1.4.0...

CVE-2024-52408

Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through = 3.0.8...