Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the parseActions function. An attacker can execute arbitrary code by sending crafted input to the affected process. Remediation Upgrade github.com/binwiederhier/ntfy/v2/server to version 2.21.0 or...

CVE-2025-31510

In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting XSS allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...

CVE-2025-62969 WordPress NextMove Lite plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Stored XSS.This issue affects NextMove Lite: from n/a through = 2.23.0...

EUVD-2025-35495

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through = 2.21.0...

PT-2025-43227

Name of the Vulnerable Software and Affected Versions XLPlugins NextMove Lite versions through 2.21.0 Description The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting XSS. This issue is present in the...

Important: Red Hat Bug Fix Advisory: RHOAI 2.21.0 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.21.0 provides these changes:...

CVE-2024-11358

Mattermost Android Mobile Apps versions =2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider...

CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting XSS attack by submitting malicious payloads in the libraryId field. The...

CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting XSS attack by submitting malicious payloads in the libraryId field. The...

CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting XSS attack by submitting malicious payloads in the libraryId field. The...

CVE-2024-11358

Mattermost Android Mobile Apps versions =2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider...

WordPress plugin RabbitLoader 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-39264 · WordPress · Rabbitloader

Name of the Vulnerable Software and Affected Versions: RabbitLoader plugin for WordPress versions up to, and including, 2.21.0 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows unauthenticated...

GiveWP < 2.21.0 - Manager+ Arbitrary File Creation via Export

The plugin does not validate the exported file, which could allow high privilege users such as Managers to create arbitrary files...

CVE-2018-8041

Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal...