WordPress plugin 12 Step Meeting List 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress 12 Step Meeting List plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CVE-2025-55157

A use-after-free vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the use-after-free, causing the application to crash. Mitigation Do not run untrusted Vim scripts as it's not recommended...

USN-6885-6 apache2 regression

USN-6885-1 fixed vulnerabilities in Apache. The patch for CVE-2024-38474 was incomplete and caused a regression. This update provides the fix for this issue. Original advisory details: Orange Tsai discovered that the Apache HTTP Server modrewrite module incorrectly handled certain substitutions. ...

Cross-site Scripting (XSS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via form fields. An attacker can execute arbitrary scripts in the context of other users by injecting malicious code, potentially escalating...

CVE-2025-40769

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V3.0. The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site...

CVE-2025-42975 Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)

SAP NetWeaver Application Server ABAP BIC Document allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to acces...

WordPress plugin Software Issue Manager 跨站脚本漏洞

The WordPress Software Issue Manager plugin is a project-based WordPress plugin for tracking software defects, issues, tasks, and product feature requests, with support for customized reporting. The WordPress Software Issue Manager plugin suffers from a cross-site scripting vulnerability that ste...

WordPress plugin Simple Responsive Slider 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Simple Responsive Slider plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

WordPress plugin Inline Stock Quotes 跨站脚本漏洞

WordPress Inline Stock Quotes plugin is a WordPress plugin that allows users to dynamically insert stock quote information into a post or page via the stock shortcode, supporting real-time updates of stock quotes and dynamic data. WordPress Inline Stock Quotes plugin suffers from a cross-site...

SAP NetWeaver Application Server ABAP 代码注入漏洞

SAP NetWeaver Application Server ABAP is an application server developed by SAP to run ABAP applications. An HTML injection vulnerability exists in SAP NetWeaver Application Server ABAP. An attacker could exploit this vulnerability to construct URLs containing malicious scripts that could be...

WordPress Employee Directory plugin cross-site scripting vulnerability

WordPress Employee Directory plugin is specially designed for WordPress websites to create and manage employee profile directories. The WordPress Employee Directory plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping ...

WordPress Customer Reviews for WooCommerce plugin cross-site scripting vulnerability

WordPress Customer Reviews for WooCommerce plugin is mainly used to enhance the customer reviews feature of the WooCommerce platform to boost store conversions and user trust through automated alerts, multi-language support and social proof. A cross-site scripting vulnerability exists in the...

WordPress GiveWP plugin cross-site scripting vulnerability

WordPress GiveWP plugin is an open source online donation system plugin, mainly used to help the website to realize the online fundraising function. WordPress GiveWP plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...

WordPress The Plus Addons for Elementor plugin cross-site scripting vulnerability

WordPress The Plus Addons for Elementor plugin is a professional extension plugin for Elementor page builder that provides over 120 widgets and extensions with support for WooCommerce store builder, Mega menu, popups and other advanced features. WordPress The Plus Addons for Elementor plugin...

WordPress SureForms plugin cross-site scripting vulnerability

WordPress SureForms plugin is designed for WordPress visual form builder plugin , support drag and drop operation , no programming foundation can quickly build responsive form . WordPress SureForms plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective...

WordPress All in One Time Clock Lite plugin cross-site scripting vulnerability

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee's working hours and supports employee/volunteer/contractor attendance recording and report generation. The WordPress All in One Time Clock Lite plugin suffers from a cross-site scripting vulnerability that stems from th...

CVE-2025-55006 Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature

Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content...

CVE-2025-55006 Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature

Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content...

CVE-2025-55006

CVE-2025-55006 affects Frappe LMS 2.34.x/2.35.0. The issue stems from an incomplete fix for CVE-2025-55006, enabling cross-site scripting via manipulated input. Remote exploitation is described as possible; an exploit has been made public per connected sources. A remediation is to upgrade to a ve...

Frappe Learning 输入验证错误漏洞

Frappe Learning is an easy-to-use open source learning management system from Frappe Open Source. An input validation error vulnerability exists in Frappe Learning version 2.33.0 and earlier, which stems from insufficient cleanup of uploaded SVG files and could lead to the execution of arbitrary...