EUVD-2025-208690

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...

Debian dla-4356 : ublock-origin-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4356 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4356-1 [email protected] https://www.debian.org/lts/security/...

WordPress plugin Galleries by Angie Makes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVE-2020-29128

petl before 1.68, in some configurations, allows resolution of entities in an XML document...

jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts

A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...

PT-2019-14694 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.67 and earlier Description: A sandbox bypass issue related to the handling of default parameter expressions in closures allows attackers to execute arbitrary code in sandboxed scripts. Recommendations...