CVE-2025-34323
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...
EUVD-2025-197936
The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient input validation on the 'template' parameter in the categoryProductTab function. This makes it possible for authenticated...
CVE-2025-12404
The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the likeitconf function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
CVE-2025-11868
The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the everviz shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a from the type and hash attributes. This makes i...
Mozilla Firefox ESR < 60.3
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-27 advisory. - When manipulating user events in nested loops while opening a document through script, it is possible to...
PT-2025-47293
Name of the Vulnerable Software and Affected Versions: versions prior to 2025; affected versions not specified. Description: A remote attacker with low privileges can upload or overwrite Python scripts. This is achieved through a path traversal of the target filename within a PHP context, leading to...
EUVD-2025-197808
Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names are not properly...
CVE-2025-34323
Nagios Log Server is vulnerable in versions prior to 2026R1.0.1 due to an unsafe interaction between passwordless sudo rules and group-writable script directories. The www-data user is in the nagios group, which has write access to /usr/local/nagioslogserver/scripts, while scripts in that directo...
EUVD-2025-197844
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to unsafe interaction between sudo rules and file system permissions. The web server account is granted passwordless sudo access to certain maintenance scripts while also being a member of a group that...
CVE-2025-34323 Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...
[SECURITY] Fedora 42 Update: python-pdfminer-20240706-4.fc42
Pdfminer.six is a community-maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the source code of the PDF. It can also be used to get the exact...
PT-2025-47192
Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2026R1.0.1. Description: Nagios Log Server versions prior to 2026R1.0.1 have a local privilege escalation issue. This is due to an unsafe interaction between sudo rules and file system permissions. The web...
PT-2025-47180
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The software is susceptible to a cross-site scripting issue due to improper input neutralization during web page generation. This allows for the injection of malicious scripts into web pages...
GHSA-G2J9-G8R5-RG82 PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
Summary: An unauthenticated Local File Inclusion exists in the template-switching feature: if templateselection is enabled in the configuration, the server trusts the template cookie and includes the referenced PHP file. An attacker can read sensitive data or, if they manage to drop a PHP file...
CVE-2025-8397
The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Rockwell Automation Studio 5000 Simulation Interface Code Execution Vulnerability
Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. A code execution vulnerability exists in Rockwell Automation Studio 5000 Simulation Interface, which can be exploited by an attacker to cause scripts to be executed with administrator...
PT-2025-46942
Name of the Vulnerable Software and Affected Versions: Creta Testimonial Showcase WordPress plugin versions prior to 1.2.4. Description: The Creta Testimonial Showcase WordPress plugin is susceptible to a Local File Inclusion issue. Attackers with editor-level access or higher can include and execut...
Malicious code in polaris-publish-vortex-jekyll (npm)
Source: amazon-inspector ebce85812e6fc46ef9fcc86a5c7993e6c77bffb1288c327defb1b194eb04254c. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tachyon-mesosphere-spinner-pm2 (npm)
Source: amazon-inspector c0199d4ad6da5ed57f1010cac95dc16558ece4d84ae6e6c6fb857dc52e6c6370. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...