CVE-2025-53270
Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Cross Site Request Forgery. This issue affects WordPress CTA: from n/a through <= 1.7.0...
CVE-2025-39474
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely amely allows SQL Injection. This issue affects Amely: from n/a through <= 3.1.4...
SUSE SLES15 / openSUSE 15 Security Update : google-osconfig-agent (SUSE-SU-2025:02149-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02149-1 advisory. - Update to version 20250416.02 bsc1244304, bsc1244503 defaultSleeper: tolerate 10% difference to reduce test flakiness Add...
CVE-2025-53098 Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...
CVE-2025-53268
Cross-Site Request Forgery (CSRF) vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Cross Site Request Forgery. This issue affects Import external attachments: from n/a through <= 1.5.12...
CVE-2025-52778 WordPress xili-dictionary plugin <= 2.12.5.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS. This issue affects xili-dictionary: from n/a through <= 2.12.5.2...
WordPress Ultra Addons for Contact Form 7 plugin 3.5.11-3.5.19 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Sy5temFr4cture in WordPress Plugin Ultimate Addons for Contact Form 7 versions 3.5.11-3.5.19...
PT-2025-26881 · Codeastro · Codeastro Patient Record Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Patient Record Management System version 1.0 Description: A problematic issue was found, leading to cross-site request forgery. The manipulation can be launched remotely. Recommendations: For CodeAstro Patient Record Management Syst...
PT-2025-28079 · Belkin · Belkin F9K1122
Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical issue affects the function formiNICWpsStart of the file /goform/formiNICWpsStart in the webs component. The manipulation of the pinCode argument leads to a stack-based buffer overflow. Th...
BIT-GITLAB-2025-5121 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...
CVE-2025-52937
Vulnerability in PointCloudLibrary PCL surface/src/3rdparty/opennurbs modules. This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib WITHSYSTEMZLIB=FALSE...
CVE-2025-52795
Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through <= 5.0.6...
CVE-2025-50027
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup easy-login-woocommerce allows Stored XSS. This issue affects Login/Signup Popup: from n/a through <= 2.9.4...
CVE-2025-49984
Server-Side Request Forgery (SSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through <= 11.13.11...
CVE-2025-49968
Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget oganro-reservation-widget allows Cross Site Request Forgery. This issue affects XML Travel Portal Widget: from n/a through <= 2.0...
CVE-2025-49967
CVE-2025-49967 is a CSRF vulnerability in the WordPress plugin Live Sports Streamthunder (affected versions n/a through 2.1). The issue enables cross-site request forgery, allowing unauthorized actions on behalf of a logged-in user. Public sources in the connected documents identify the affected ...
CVE-2025-49984 WordPress PowerPress Podcasting plugin <= 11.12.11 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.11...
CVE-2025-52789
CVE-2025-52789 concerns the Lewe ChordPress WordPress plugin (versions <= 3.9.7). The vulnerability is described as a CSRF that enables Stored XSS, with CVSS v3.1 base score 7.1 (High). Public sources in the connected docs indicate an available patch: upgrading to Lewe ChordPress 4.0.1 or late...
PT-2025-26330 · Brplot · Brplot
Name of the Vulnerable Software and Affected Versions: brplot version 420.69.1 Description: The issue is related to a Null Pointer Dereference NPD in the br dagens handle once function of the data processing module, leading to unpredictable program behavior, causing segmentation faults, and progr...