2284 matches found
CVE-2025-69029
Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through = 2.5.1...
PT-2025-54410
Missing Authorization vulnerability in merkulove Select Graphist for Elementor Graphist for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Select Graphist for Elementor Graphist for Elementor: from n/a through 1.2.10...
WordPress plugin Select Graphist for Elementor Graphist for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
EUVD-2025-205715
Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through = 2.5.1...
CVE-2025-69029
Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through = 2.5.1...
CVE-2025-69029 WordPress Struktur theme <= 2.5.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through = 2.5.1...
PT-2025-53910
Name of the Vulnerable Software and Affected Versions Select-Themes Struktur versions through 2.5.1 Description An authorization bypass exists in Select-Themes Struktur due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key...
Mozilla Thunderbird < 16.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 16.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-75 advisory. - Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation...
Mozilla Firefox < 16.0
The version of Firefox installed on the remote Windows host is prior to 16.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-75 advisory. - Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a we...
Mozilla Thunderbird < 16.0
The version of Thunderbird installed on the remote Windows host is prior to 16.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-75 advisory. - Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from ...
Mozilla Firefox < 16.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 16.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-75 advisory. - Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away...
CVE-2025-68068
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through = 9.14.1...
CVE-2025-68076
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Stockholm Core stockholm-core allows Stored XSS.This issue affects Stockholm Core: from n/a through = 2.4.6...
CVE-2025-68291 mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().
In the Linux kernel, the following vulnerability has been resolved: mptcp: Initialise rcvmss before calling tcpsendactivereset in mptcpdofastclose. syzbot reported divide-by-zero in tcpselectwindow by MPTCP socket. 0 We had a similar issue for the bare TCP and fixed in commit 499350a5a6e7 "tcp:...
CVE-2025-68291 mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().
In the Linux kernel, the following vulnerability has been resolved: mptcp: Initialise rcvmss before calling tcpsendactivereset in mptcpdofastclose. syzbot reported divide-by-zero in tcpselectwindow by MPTCP socket. 0 We had a similar issue for the bare TCP and fixed in commit 499350a5a6e7 "tcp:...
EUVD-2025-203541
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Stockholm stockholm allows Stored XSS.This issue affects Stockholm: from n/a through = 9.14.1...
EUVD-2025-203542
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Stockholm Core stockholm-core allows Stored XSS.This issue affects Stockholm Core: from n/a through = 2.4.6...
CVE-2025-68076
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Stockholm Core stockholm-core allows Stored XSS.This issue affects Stockholm Core: from n/a through = 2.4.6...
CVE-2025-68077
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Stockholm stockholm allows Stored XSS.This issue affects Stockholm: from n/a through = 9.14.1...
PT-2025-51456
Name of the Vulnerable Software and Affected Versions Select-Themes Stockholm Core versions through 2.4.6 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS issue. Specifically, this is a Stored XSS,...