2176 matches found

CVE
added 2026/01/22 4:52 p.m., 7 views

CVE-2025-68859

CVE-2025-68859 affects the WordPress plugin Syntax Highlighter Compress (versions up to and including 3.0.83.3). Root cause: Improper neutralization of input during web page generation, leading to a Reflected XSS vulnerability. Affected scope is stated as Syntax Highlighter Compress: from n/a th...

7.1 CVSS, 5.4 AI score, 0.00064 EPSS
Exploits 0, References 1
Fedora
added 2026/01/22 1:8 a.m., 3 views

[SECURITY] Fedora 43 Update: curl-8.15.0-5.fc43

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

6.3 CVSS, 6.1 AI score, 0.00003 EPSS
Exploits 0
CNNVD
added 2026/01/22 12:0 a.m., 4 views

WordPress plugin Syntax Highlighter Compress: Cross-site scripting vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.1 CVSS, 5.7 AI score, 0.00064 EPSS
Exploits 0, References 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 7 : openldap-2.4.44-25.el7 (AXSA:2022-3084:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3084:01 advisory. openldap: assertion failure in Certificate List syntax validation (CVE-2020-25709); openldap: assertion failure in CSN normalization with invalid input...

7.5 CVSS, 5.6 AI score, 0.35675 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 7 : java-11-openjdk-11.0.7.10-4.el7 (AXSA:2020-011:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-011:04 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803); OpenJDK: Incorrect type checks in MethodType.readObject (Libraries,...

8.3 CVSS, 6.7 AI score, 0.02622 EPSS
Exploits 0, References 14
Patchstack
added 2026/01/16 9:40 a.m., 4 views

WordPress Syntax Highlighter Compress plugin <= 3.0.83.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xVenus in WordPress Plugin Syntax Highlighter Compress versions <= 3.0.83.3...

7.1 CVSS, 6.1 AI score, 0.00064 EPSS
Exploits 0, Affected Software 1
Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.181-3.b13.AXS4 (AXSA:2018-3264:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3264:03 advisory. OpenJDK: insufficient index validation in PatternSyntaxException getMessage (Concurrency, 8199547) (CVE-2018-2952). Tenable has extracted the preceding descriptio...

4.3 CVSS, 6.4 AI score, 0.00105 EPSS
Exploits 0, References 2
Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 4 : 389-ds-base-1.2.11.15-91.AXS4 (AXSA:2017-1583:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1583:03 advisory. 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. Security...

6.5 CVSS, 6.4 AI score, 0.03115 EPSS
Exploits 0, References 2
Tenable Nessus
added 2026/01/14 12:0 a.m., 5 views

MiracleLinux 4 : openssl-1.0.0-20.AXS4.5 (AXSA:2012-576:06)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-576:06 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which...

6.8 CVSS, 8.2 AI score, 0.06763 EPSS
Exploits 0, References 2
Tenable Nessus
added 2026/01/14 12:0 a.m., 3 views

MiracleLinux 4 : openssl-1.0.0-20.AXS4.3 (AXSA:2012-459:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-459:04 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

5 CVSS, 8 AI score, 0.03102 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/01/14 12:0 a.m., 1 views

MiracleLinux 4 : sudo-1.7.4p5-12.AXS4 (AXSA:2012-755:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-755:02 advisory. Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...

7.2 CVSS, 7.6 AI score, 0.00047 EPSS
Exploits 0, References 2
RedhatCVE
added 2026/01/09 11:12 a.m., 10 views

CVE-2016-10893

The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests...

6.1 CVSS, 6.3 AI score, 0.00487 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 9:15 a.m., 3 views

CVE-2022-23628

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Examples of policies impacted are those that parse and compare web paths...

6.3 CVSS, 6.7 AI score, 0.00311 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:15 a.m., 5 views

CVE-2022-23620

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions, AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on the filesystem; it is possible for the HTML...

6.8 CVSS, 6.7 AI score, 0.00307 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 9:0 a.m., 5 views

CVE-2023-29525

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the since parameter of the /xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration endpoint. This provides an XWik...

9.9 CVSS, 7.7 AI score, 0.54257 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 8:58 a.m., 8 views

CVE-2023-45144

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross site scripting (XSS) and XWiki syntax...

10 CVSS, 6.9 AI score, 0.04053 EPSS
Exploits 0, References 1
Packet Storm News
added 2026/01/09 12:0 a.m., 5 views

HogVul: Black-Box Adversarial Code Generation Framework against LM-Based Vulnerability Detectors

Recent advances in software vulnerability detection have been driven by Language Model (LM)-based approaches. However, these models remain vulnerable to adversarial attacks that exploit lexical and syntax perturbations, allowing critical flaws to evade detection. Existing black-box attacks on...

7.4 AI score
Exploits 0
RedhatCVE
added 2026/01/07 9:28 a.m., 5 views

CVE-2019-12172

Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137...

7.8 CVSS, 7.5 AI score, 0.02535 EPSS
Exploits 6, References 1
EUVD
added 2026/01/07 5:38 a.m., 2 views

EUVD-2026-1377

Malicious code in syntax-class-properties npm...

6.6 AI score
Exploits 0, References 1
Snyk
added 2026/01/07 5:38 a.m., 2 views

Malicious Package

Overview: syntax-class-properties is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8 CVSS, 6.8 AI score
Exploits 0, References 2