
3229 matches found

OSV
added 2026/01/15 9:16 p.m., 1 view

CVE-2025-67025

Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...

CVSS 6.1, AI score 6.2, EPSS 0.00029
Exploits: 0, References: 2

NVD
added 2026/01/15 9:16 p.m., 1 view

CVE-2025-67025

Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...

CVSS 6.1, EPSS 0.00029
Exploits: 0, References: 2

EUVD
added 2026/01/15 12:0 a.m., 2 views

EUVD-2026-2716

Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...

CVSS 6.1, AI score 6.6, EPSS 0.00029
Exploits: 0, References: 3

Cvelist
added 2026/01/15 12:0 a.m., 15 views

CVE-2025-67025

Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...

EPSS 0.00029
Exploits: 0, References: 2

Vulnrichment
added 2026/01/15 12:0 a.m., 2 views

CVE-2025-67025

Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...

AI score 6.8, EPSS 0.00029
Exploits: 0, References: 2

Positive Technologies
added 2026/01/15 12:0 a.m., 4 views

PT-2026-3113

Name of the Vulnerable Software and Affected Versions Anycomment version 0.4.4 Description A Cross Site Scripting issue exists in Anycomment. This allows a remote attacker to execute arbitrary code through the Anycomment comment section. Recommendations At the moment, there is no information abou...

CVSS 6.1, AI score 6.7, EPSS 0.00029
Exploits: 0, References: 5

CNNVD
added 2026/01/15 12:0 a.m., 3 views

AnyComment security vulnerability

AnyComment is an embedded comment system tool developed by the Russian company AnyComment. Version 0.4.4 of AnyComment contains a security vulnerability; this vulnerability arises from the lack of input cleaning in the comment section, which may lead to cross-site scripting attacks...

CVSS 6.1, AI score 5.6, EPSS 0.00029
Exploits: 0, References: 2

ATTACKERKB
added 2026/01/15 12:0 a.m., 2 views

CVE-2025-67025

Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...

CVSS 6.1, AI score 6.1, EPSS 0.00029
Exploits: 0, References: 3

CVE
added 2026/01/15 12:0 a.m., 12 views

CVE-2025-67025

CVE-2025-67025: Cross Site Scripting in Anycomment (anycomment.io) version 0.4.4 allows a remote attacker to run arbitrary code via the comment section. Affected product is Anycomment.io; root cause is XSS in the comment handling. Documented impact is execution of arbitrary code; no patch/version...

CVSS 6.1, AI score 6.8, EPSS 0.00029
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2026/01/13 12:0 a.m., 2 views

MiracleLinux 7 : bind-9.11.4-26.P2.16.0.5.el7.AXS7 (AXSA:2025-9780:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9780:04 advisory. CVE-2024-11187: fix Denial of Service via Additional Section Resource Exhaustion in BIND 9 CVEs: CVE-2024-11187 It is possible to construct a zone such that...

CVSS 7.5, AI score 7, EPSS 0.03129
Exploits: 0, References: 2

RedHat Linux
added 2026/01/12 9:33 p.m., 3 views

binutils: GNU Binutils Linker heap-based overflow

A heap-based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

CVSS 7.8, AI score 6.4, EPSS 0.00026
Exploits: 1, References: 12

RedhatCVE
added 2026/01/09 11:11 a.m., 5 views

CVE-2016-10763

The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...

CVSS 4.8, AI score 6.1, EPSS 0.00413
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 10:53 a.m., 5 views

CVE-2022-33032

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decodepreR13sectionhdr at decoder11.c...

CVSS 7.8, AI score 7.3, EPSS 0.00169
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 9:53 a.m., 9 views

CVE-2020-10431

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-templates.php by adding a question mark ? followed by the payload...

CVSS 4.8, AI score 6.1, EPSS 0.00321
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 9:1 a.m., 5 views

CVE-2023-43555

Information disclosure in Video while parsing mp2 clip with invalid section length...

CVSS 8.2, AI score 6.9, EPSS 0.00127
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:28 a.m., 5 views

CVE-2019-12495

An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsymaddr function in x8664-gen.c. This occurs because tccasm.c mishandles section switches...

CVSS 5.5, AI score 6.8, EPSS 0.00186
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:26 a.m., 16 views

CVE-2019-12041

lib/common/htmlre.js in remarkable 1.7.1 allows Regular Expression Denial of Service ReDoS via a CDATA section...

CVSS 7.5, AI score 6.7, EPSS 0.00403
Exploits: 1, References: 1

NVD
added 2026/01/06 9:15 a.m., 1 view

CVE-2025-13964

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents b...

CVSS 5.3, EPSS 0.00102
Exploits: 0, References: 3

CVE
added 2026/01/06 8:21 a.m., 10 views

CVE-2025-13964

CVE-2025-13964 : LearnPress – WordPress LMS Plugin (LearnPress) is vulnerable to unauthorized modification of course data due to a missing capability check in catch_lp_ajax, affecting all versions up to 4.3.2. This allows unauthenticated attackers to add/remove/update/reorder sections and section...

CVSS 5.3, AI score 5, EPSS 0.00102
Exploits: 0, References: 3

OSV
added 2026/01/05 3:15 p.m., 2 views

CLSA-2026-1767626154 Fix CVE(s): CVE-2025-11083

SECURITY UPDATE: Heap-based buffer overflow in elfswapshdr function - debian/patches/CVE-2025-11083.patch: Avoid a linker crash by rejecting corrupt section headers in linker input files. Changed elfswapshdrin to return bfdboolean and validate section sizes against file size to detect and reject...

CVSS 7.8, AI score 6.6, EPSS 0.00026
Exploits: 1, References: 1