72 matches found
CVE-2025-30833
Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D verge3d allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through <= 4.8.2...
CVE-2025-30833 WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D verge3d allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through <= 4.8.2...
WordPress plugin Soft8Soft LLC Verge3D cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin i...
sos bug fix and enhancement update
An update is available for sos. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The sos package contains a set of utilities that gather information from system...
Wazuh security vulnerability
Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh version 4.8.2 that stems from the inclusion of an Access Control Error...
CVE-2025-23602 WordPress EELV Newsletter plugin <= 4.8.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Reflected XSS. This issue affects EELV Newsletter: from n/a through <= 4.8.2...
CVE-2025-23602
CVE-2025-23602 involves NotFound EELV Newsletter (NotFound EELV Newsletter: vulnerable versions up to 4.8.2) and is a Cross-site Scripting (XSS) flaw caused by improper input neutralization during web page generation. Red Hat’s security advisory clarifies that this is a NotFound EELV Newsletter X...
CVE-2024-54430 WordPress EELV Newsletter plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Cross Site Request Forgery. This issue affects EELV Newsletter: from n/a through <= 4.8.2...
PT-2024-32078 · WordPress · Oxygen Builder
Name of the Vulnerable Software and Affected Versions: Oxygen Builder plugin for WordPress versions up to, and including, 4.8.2. Description: The issue allows for Remote Code Execution via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix,...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pallets Werkzeug denial of service vulnerability [CVE-2023-46136]
Summary: Potential Pallets Werkzeug denial of service vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. CVE-2023-4613 Vulnerability Details: CVEID: CVE-2023-46136...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an HTTP header injection in Twisted [CVE-2022-39348]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an HTTP header injection in Twisted, caused by improper validation of input by the NameVirtualHost Host header (CVE-2022-39348). Twisted is used as a component of our Speech runtimes. This vulnerability has be...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JSON-java [CVE-2023-5072]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JSON-java caused by a bug in the parser (CVE-2023-5072). JSON-java is used as a component of our Speech microservices. This vulnerability has been addressed. Please read the details for...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat [CVE-2023-45648]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat, caused by improper parsing of HTTP trailer headers (CVE-2023-45648). Apache Tomcat is used as a component of our Speech microservices. This vulnerability has been...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in wget
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of wget (CVE-2018-20483). Vulnerability Details: CVEID: CVE-2018-20483. DESCRIPTION: GNU Wget could allow a local authenticated attacker to obtain sensitive information, caused by the storing of the origin URL in the...
WordPress Download Monitor Plugin <= 4.8.1 is vulnerable to Server Side Request Forgery (SSRF)
Software: Download Monitor; Type: Plugin; Vulnerable versions: <= 4.8.1; Fixed in: 4.8.2; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-31219; Patch priority: Low; CVSS severity: Low (4.1); Developer: WPChill; PSID: fb7b8d305714; Credits: Mika; Required privilege: Administrator...
Buffer overflow
OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the...
CVE-2023-26488 OpenZeppelin Contracts contains Incorrect Calculation
OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the...
FoxyShop < 4.8.2 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC: https://example.com/wp-admin/edit.php?posttype=foxyshopproduct=foxyshoptools=error=...
CVE-2021-31830
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized...
PT-2021-19533 · Mcafee · Mcafee Database Security
Name of the Vulnerable Software and Affected Versions: McAfee Database Security versions prior to 4.8.2. Description: The issue allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the...