7896 matches found
CVE-2024-13730 Podlove Podcast Publisher < 4.2.1 - Admin+ Stored XSS
The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-13482 Icegram Engage < 3.1.32 - Admin+ Stored XSS
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-13382
CVE-2024-13382 – Calculated Fields Form (WordPress) is a stored XSS vulnerability in versions before 5.2.64 caused by insufficient sanitization/escaping of certain settings. Exploitation requires authenticated admin-level access (Admin+), and can occur even when unfiltered_html is disallowed (e.g...
CVE-2024-13313 AWeber <= 7.3.20 - Admin+ Stored XSS
The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-11221 Full Screen (Page) Background Image Slideshow <= 1.1 - Admin+ Stored XSS
The Full Screen Page Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...
CVE-2024-11109
The WP Google Review Slider WordPress plugin before version 15.6 does not sanitize and escape some settings, allowing high-privilege users (e.g., admins) to perform Stored Cross-Site Scripting even when unfiltered_html is disallowed (including multisite setups). Affected component: plugin setting...
CVE-2024-10145 Hubbub Lite < 1.34.4 - Admin+ Stored XSS
The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-10143
CVE-2024-10143 affects the MB Custom Post Types & Custom Taxonomies WordPress plugin prior to version 2.7.7. The issue arises from inadequate sanitisation and escaping of certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallo...
PT-2025-21477 · WordPress · Cm Tooltip Glossary
Name of the Vulnerable Software and Affected Versions: CM Tooltip Glossary WordPress plugin version prior to 4.3.4 Description: The issue concerns the CM Tooltip Glossary WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, suc...
PT-2025-21455 · WordPress · Hd Quiz
Name of the Vulnerable Software and Affected Versions: HD Quiz WordPress plugin version prior to 2.0.0 Description: The issue concerns the HD Quiz WordPress plugin, where versions prior to 2.0.0 do not properly sanitise and escape some of its settings. This could allow high privilege users, such ...
PT-2025-21399 · WordPress · Rbs Image Gallery
Name of the Vulnerable Software and Affected Versions: Rbs Image Gallery WordPress plugin versions prior to 3.2.22 Description: The issue concerns the Rbs Image Gallery WordPress plugin, where some settings are not properly sanitized and escaped, potentially allowing high-privilege users, such as...
CVE-2025-45867
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the staticdns1 parameter in the formIpv6Setup interface...
kernel: nvme-rdma: unquiesce admin_q before destroy it
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: unquiesce admin_q before destroy it Kernel will hang on destroy admin_q while we create ctrl failed, such as following calltrace: PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme" 0 ff61d23de260fb78 schedule at...
kernel: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync This checks if the ACL connection remains valid as it could be destroyed while hci_enhanced_setup_sync is pending on cmd_sync leading to the following trace: BUG: KASAN:...
Intel Server M50FCP and Intel Server D50DNP Input Validation Error Vulnerability
Intel Server M50FCP and Intel Server D50DNP are both servers from Intel Corporation (USA). An input validation error vulnerability exists in Intel Server M50FCP and Intel Server D50DNP, stemming from improper input validation in the GenerationSetup module of the UEFI firmware, which could lead t...
Citrix Virtual Apps - Mouse pointer looks big inside published application
Administrators might notice that in a multi-monitor setup where the main screen is set to 200% scaling and the secondary screen to 100% scaling, when the published application is moved from the 100% scaled monitor to the 200% scaled monitor, the mouse pointer size becomes bigger as expected both...
Exploit for Improper Input Validation in Microsoft
Exploitation of CVE-2024-21413 Outlook Project status:...
SUSE CVE-2025-37857
In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in st_setup Change the array size to follow parms size instead of a fixed value...