42 matches found
OESA-2025-2340 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...
WordPress IRM Newsroom plugin <= 1.2.19 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Chuck in WordPress Plugin IRM Newsroom versions = 1.2.19...
GitLab 16.6 < 17.9.7 / 17.10 < 17.10.5 / 17.11 < 17.11.1 (CVE-2025-1763)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6...
CVE-2024-24872
Cross-Site Request Forgery CSRF vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5...
CVE-2023-39164
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin = 4.6.19 versions...
CVE-2021-29080
Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126,...
CVE-2015-9519
The Easy Digital Downloads EDD PDF Stamper extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...
CVE-2025-47708
Cross-Site Request Forgery CSRF vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0...
CVE-2025-27523 XXE vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager
XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06...
Moodle 4.1.x < 4.1.4 XSS Risk on groups page
According to its self-reported version, the Moodle install hosted on the remote host is 3.11.x prior to 3.11.15, 4.0.x prior to 4.0.9, 4.1.x prior to 4.1.4 or 4.2.x prior to 4.2.1. It is, therefore, affected by a Cross-Site Scripting in content on the groups page. Note that the scanner has not...
CVE-2025-31682
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Google Tag allows Cross-Site Scripting XSS.This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8...
CVE-2021-26105
A stack-based buffer overflow vulnerability CWE-121 in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...
CVE-2024-10925
A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML...
CVE-2025-27680
Vasion Print formerly PrinterLogic before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004...
CVE-2022-43541
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...
CVE-2020-2742
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ...
CVE-2024-54315
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicheaddons Events Addon for Elementor events-addon-for-elementor allows DOM-Based XSS.This issue affects Events Addon for Elementor: from n/a through = 2.2.2...
CVE-2024-11005
Command injection in Ivanti Connect Secure before version 22.7R2.1 Not Applicable to 9.1Rx and Ivanti Policy Secure before version 22.7R1.1 Not Applicable to 9.1Rx allows a remote authenticated attacker with admin privileges to achieve remote code execution...
OESA-2023-1988 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
SUSE CVE-2023-6212
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 120, Firefox ESR...