20 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-23463

Malicious code in bioql PyPI...

6.4 CVSS · 6.5 AI score · 0.00214 EPSS
Exploits 0 · References 4
OSV
added 2025/08/03 4:15 a.m. · 3 views

CVE-2025-52132

The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page...

6.4 CVSS · 5.2 AI score
Exploits 0 · References 4
CVE
added 2025/08/03 12:0 a.m. · 15 views

CVE-2025-52132

CVE-2025-52132 affects the Mocca Calendar application for XWiki (pre-2.15). The vulnerability is an XSS flaw triggered by the title on the View Event page. Affected versions are Mocca Calendar prior to 2.15. The root cause is an improper sanitization/encoding of the title parameter on the event v...

6.4 CVSS · 5.5 AI score · 0.00214 EPSS
Exploits 0 · References 4
CNNVD
added 2025/08/03 12:0 a.m. · 1 views

XWiki Contrib Mocca Calendar Application cross-site scripting vulnerability

XWiki Contrib Mocca Calendar Application is an open source XWiki plugin for XWiki Contrib. A cross-site scripting vulnerability exists in XWiki Contrib Mocca Calendar Application versions prior to 2.15, which stems from cross-site scripting in the calendar import header...

6.4 CVSS · 6 AI score · 0.00214 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/08/03 12:0 a.m. · 3 views

PT-2025-31764 · Unknown · Mocca Calendar

Name of the Vulnerable Software and Affected Versions: Mocca Calendar versions prior to 2.15 Description: The Mocca Calendar application allows for cross-site scripting (XSS) via the background or text color field. Recommendations: Update Mocca Calendar to version 2.15 or later...

6.4 CVSS · 5.7 AI score · 0.00214 EPSS
Exploits 0 · References 10
Positive Technologies
added 2025/08/03 12:0 a.m. · 4 views

PT-2025-31766 · Unknown · Mocca Calendar

Name of the Vulnerable Software and Affected Versions: Mocca Calendar versions prior to 2.15 Description: The Mocca Calendar application is susceptible to a cross-site scripting (XSS) issue. This occurs through a specially crafted title during calendar import. Recommendations: Update Mocca Calendar...

6.4 CVSS · 5.6 AI score · 0.00214 EPSS
Exploits 0 · References 9
Cvelist
added 2025/08/03 12:0 a.m. · 7 views

CVE-2025-52133

The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import...

6.4 CVSS · 0.00214 EPSS
Exploits 0 · References 4
OSV
added 2024/10/29 5:15 p.m. · 0 views

CVE-2024-9988

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for unauthenticated attackers to log in as any...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 2
CVE
added 2024/10/29 4:31 p.m. · 54 views

CVE-2024-9988

CVE-2024-9988 (WordPress Crypto plugin) enables authentication bypass via crypto_connect_ajax_process::register, allowing unauthenticated login as existing users (e.g., admin). Publicly documented by Wordfence/Red Hat; patched in a later release (2.19) after disclosure; updates to 2.19+ are recom...

9.8 CVSS · 5.9 AI score · 0.14779 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/09/25 12:0 a.m. · 1 views

PT-2024-39268 · WordPress · Bulk Noindex & Nofollow Toolkit

Name of the Vulnerable Software and Affected Versions: The Bulk NoIndex & NoFollow Toolkit plugin for WordPress versions up to, and including, 2.15 Description: The issue is related to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL. This...

6.1 CVSS · 6.7 AI score · 0.02797 EPSS
Exploits 0 · References 10
OSV
added 2024/06/15 12:0 a.m. · 9 views

OPENSUSE-SU-2024:13653-1 cpio-2.15-1.1 on GA media

These are all security issues fixed in the cpio-2.15-1.1 package on the GA media of openSUSE Tumbleweed...

4.9 CVSS · 5.1 AI score · 0.00061 EPSS
Exploits 0 · References 1
OSV
added 2024/05/06 8:15 p.m. · 1 views

DEBIAN-CVE-2024-33599

nscd: Stack-based buffer overflow in netgroup cache. If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was...

8.1 CVSS · 7.1 AI score · 0.01546 EPSS
Exploits 0 · References 1
OSV
added 2023/11/30 3:15 p.m. · 0 views

CVE-2023-40662

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy. This issue affects Cookies and Content Security Policy: from n/a through 2.15...

7.5 CVSS · 7.3 AI score
Exploits 0 · References 1
OSV
added 2021/08/25 4:15 p.m. · 14 views

CVE-2020-18974

Buffer Overflow in Netwide Assembler NASM v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147...

3.3 CVSS · 6.5 AI score
Exploits 0 · References 1
ATTACKERKB
added 2021/07/12 1:15 p.m. · 2 views

CVE-2021-36377

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation...

7.5 CVSS · 5.3 AI score · 0.00105 EPSS
Exploits 0 · References 4
Prion
added 2020/02/12 2:15 p.m. · 9 views

Design/Logic Flaw

The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue...

4.3 CVSS · 7.1 AI score · 0.02084 EPSS
Exploits 5 · References 1 · Affected Software 1
Patchstack
added 2020/01/08 12:0 a.m. · 12 views

WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.10 - Insecure Permissions: Enable and Disable Maintenance Mode vulnerability

Insecure Permissions: Enable and Disable Maintenance Mode vulnerability discovered by WordFence in WordPress Minimal Coming Soon & Maintenance Mode plugin versions <= 2.10. Solution: Update the WordPress Minimal Coming Soon & Maintenance Mode plugin to the latest available version, at least 2.15...

7.6 CVSS · 2.7 AI score · 0.01239 EPSS
Exploits 2 · References 3 · Affected Software 1
Prion
added 2019/12/24 3:15 p.m. · 13 views

Design/Logic Flaw

Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 Firmware versions prior to 8.26.4, may allow an attacker to execute commands on behalf of the user when an authenticated user clicks on a malicious link...

4.3 CVSS · 6.3 AI score · 0.00336 EPSS
Exploits 0 · References 1 · Affected Software 2
seebug.org
added 2014/05/12 12:0 a.m. · 15 views

NRPE 2.15 command execution vulnerability

No description provided by source...

7.1 AI score
Exploits 0
Packet Storm
added 2014/03/31 12:0 a.m. · 41 views

PhonerLite 2.14 Digest Information Leak

I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author Discovered by: Jason Ostrom Severity: Medium II. Vulnerability...

7.7 AI score · 0.02084 EPSS
Exploits 6