1495 matches found
CGA-G44J-XMX9-X7G3
Bulletin has no description...
CVE-2025-6936

creationtimestamp| type| source
---|---|---
2025-07-01 00:07:10+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19991
2025-07-01 00:30:06+00:00| seen| https://bsky.app/profile/potato.software/post/3lsugzj6nce2c
2025-07-01 04:20:20+00:00| seen|...
WordPress Free Downloads EDD plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Free Downloads EDD versions <= 1.0.4...
BIT-GITLAB-2025-2443 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
CVE-2025-6429
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox 140, Firefox ESR...
CGA-7JQQ-QQV5-RH8M
Bulletin has no description...
BIT-PYTHON-2025-4516 Use-after-free in "unicode_escape" decoder with error handler
There is an issue in CPython when using bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in ...
CVE-2025-6273
A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been...
BIT-MEDIAWIKI-2024-34507
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges%1b0000000...
CVE-2022-50031
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
MAL-2025-5128 Malicious code in requestpacket (PyPI)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-4754
Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0...
Denial Of Service (DoS)
libtomcrypt.so, is vulnerable to integer overflow. The vulnerability is due to an integer overflow flaw in the embedded libtommath library used by Perl CryptX, which allows an attacker to trigger a crash or cause unexpected behavior, potentially leading to Denial of Service (DoS)...
PT-2025-25630 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A remote code execution issue is mentioned, but details are scarce due to the rejection of the candidate. No information is provided about the estimated number of potentially affected device...
PT-2025-25647 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue was initially reported but later rejected as it was not considered a security issue. No further details are available regarding the nature of the issue or its potential impact...
Mass Assignment Attack
org.springframework, spring-context is vulnerable to Mass Assignment Attack. The vulnerability is due to incomplete enforcement of the disallowedFields mechanism, which allows certain request parameters to bypass intended binding restrictions even after applying locale-independent lowercase...
MINI-Q542-J4W2-4WM9
Bulletin has no description...
MINI-5R84-89C4-2239
Bulletin has no description...
BIT-GITLAB-2025-4278 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...
CVE-2025-1478
Removed by vendor...