7896 matches found

RedhatCVE
added 2025/05/22 3:2 a.m. · 11 views

CVE-2012-1413

Cross-site scripting (XSS) vulnerability in zcinstall/includes/modules/pages/databasesetup/headerphp.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the dbusername parameter to zcinstall/index.php...

CVSS 2.6 · AI score 5.9 · EPSS 0.00854
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 2:30 a.m. · 12 views

CVE-2012-0782

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of...

CVSS 4.3 · AI score 5.5 · EPSS 0.03751
Exploits: 7 · References: 1
RedhatCVE
added 2025/05/22 1:55 a.m. · 8 views

CVE-2011-5306

Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setupedit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action...

CVSS 6.8 · AI score 7.4 · EPSS 0.00609
Exploits: 1 · References: 1
Positive Technologies
added 2025/05/22 12:0 a.m. · 6 views

PT-2025-36409

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A buffer overflow issue exists in the setup_clusters function within the kernel's swap management code. The vulnerability occurs because setup_swap_map only validates badpages against th...

CVSS 8.5 · AI score 6.8 · EPSS 0.07142
Exploits: 3 · References: 543
RedhatCVE
added 2025/05/21 11:11 p.m. · 12 views

CVE-2004-2407

Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality...

CVSS 10 · AI score 6.8 · EPSS 0.0146
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/21 10:6 p.m. · 9 views

CVE-2005-0713

The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges...

CVSS 4.6 · AI score 6.8 · EPSS 0.00556
Exploits: 2 · References: 1
RedhatCVE
added 2025/05/21 9:35 p.m. · 8 views

CVE-2004-2718

PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request...

CVSS 4.3 · AI score 6.4 · EPSS 0.01657
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/21 6:8 p.m. · 7 views

CVE-1999-0372

The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted...

CVSS 2.1 · AI score 7 · EPSS 0.04549
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/21 6:43 a.m. · 12 views

CVE-2025-2560

The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 5.7 · EPSS 0.00214
Exploits: 1 · References: 1
Positive Technologies
added 2025/05/21 12:0 a.m. · 5 views

PT-2025-30826 · Amd-Pmf +1

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s platform/x86/amd pmf module. A failure during smart PC setup can lead to a double free when unloading amd-pmf, specifically because a device buffer...

CVSS 4.6 · AI score 5.9 · EPSS 0.00155
Exploits: 0 · References: 12
OSV
added 2025/05/20 4:15 p.m. · 4 views

DEBIAN-CVE-2025-37941

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe(). When snd_soc_dapm_new_controls() or snd_soc_dapm_add_routes() fails, wcd937x_soc_codec_probe() returns without releasing 'wcd937x->clsh_info', which is allocated by...

CVSS 5.5 · AI score 5.5 · EPSS 0.00159
Exploits: 0 · References: 1
NVD
added 2025/05/20 4:15 p.m. · 28 views

CVE-2025-37899

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff. The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for...

CVSS 7.8 · EPSS 0.00356
Exploits: 2 · References: 7
OSV
added 2025/05/20 4:15 p.m. · 3 views

DEBIAN-CVE-2025-37899

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff. The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for...

CVSS 7.8 · AI score 6.1 · EPSS 0.00356
Exploits: 2 · References: 1
Snyk
added 2025/05/20 2:43 p.m. · 2 views

Unverified Password Change

Overview: typo3/cms-setup allows users to edit a limited set of options for their user profile, including preferred language, their name and email address. Affected versions of this package are vulnerable to Unverified Password Change through the backend user management interface. An attacke...

CVSS 5.1 · AI score 6.9 · EPSS 0.0024
Exploits: 0 · References: 2
OSV
added 2025/05/19 6:15 a.m. · 4 views

CVE-2025-2560

The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 7.3 · EPSS 0.00214
Exploits: 1 · References: 1
BDU FSTEC
added 2025/05/19 12:0 a.m. · 3 views

The vulnerability of the Branch Prediction Unit (BPU) in Intel Core Ultra microprogramming systems allows attackers to disclose protected information.

The vulnerability of the Branch Prediction Unit (BPU) in Intel Core Ultra microprogrammed software processors is related to incorrect initialization of resources. Exploiting this vulnerability can allow attackers to disclose protected information...

CVSS 5.6 · AI score 6.7 · EPSS 0.00159
Exploits: 0 · References: 7 · Affected Software: 2
RedhatCVE
added 2025/05/17 9:4 p.m. · 18 views

CVE-2023-5529

The Advanced Page Visit Counter WordPress plugin before 8.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 5.7 · EPSS 0.00318
Exploits: 2 · References: 3
RedhatCVE
added 2025/05/17 9:4 p.m. · 4 views

CVE-2025-1454

The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 5.4 · AI score 5.7 · EPSS 0.00209
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/17 9:4 p.m. · 9 views

CVE-2025-0329

The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 5.8 · EPSS 0.00219
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/17 9:4 p.m. · 9 views

CVE-2025-1033

The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 5.7 · EPSS 0.00231
Exploits: 1 · References: 1