381 matches found
WordPress Arlo theme <= 6.0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Arlo versions = 6.0.3...
CVE-2025-69021
Cross-Site Request Forgery CSRF vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through = 6.0.7...
CVE-2025-69021 WordPress Popup box plugin <= 6.0.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through = 6.0.7...
CVE-2025-67873
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...
CVE-2025-14101
Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers.This issue affects PaperWork: from 5.2.0.9427 before 6.0...
CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy
CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...
EUVD-2025-199597
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie...
EUVD-2025-198343
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack...
CVE-2025-62876
A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4...
lightdm-kde-greeter -- Privilege Escalation from lightdm Service User to root
SUSE Security Team reports: A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root. This issue affects lightdm-kde-greeter before 6.0.4...
CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure
A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...
GHSA-WVV5-5G6X-HP7J MCMS reflected cross-site scripting (XSS) vulnerability
A reflected cross-site scripting XSS vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload...
CVE-2025-60837
A reflected cross-site scripting XSS vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload...
EUVD-2025-32912
Malicious code in v0-components npm...
CVE-2025-3450
CVE-2025-3450 describes an Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime . Affected versions are before 6.3 and before Q4.93, where an unauthenticated, network-based attacker could delete data, leading to denial of service. The issue stems from resource lo...
PT-2025-41144
Name of the Vulnerable Software and Affected Versions B Industrial Automation Automation Runtime versions prior to 6.4 Description An issue exists in B Industrial Automation Automation Runtime that allows for improper neutralization of input during web page generation, potentially leading to...
Open Asset Import Library Assimp 安全漏洞
Open Asset Import Library Assimp is an official Open Asset Import Library repository from Open Asset Import Library open source. It can load more than 40 3D file formats into a unified and clean data structure. A security vulnerability exists in Open Asset Import Library Assimp version 6.0.2, whi...
EUVD-2025-27035
Malicious code in bioql PyPI...
EUVD-2025-24092
Malicious code in bioql PyPI...
WordPress Jock On Air Now (JOAN) plugin <= 6.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Jock On Air Now JOAN versions = 6.0.4...