199 matches found
EUVD-2025-205972
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anshul Gangrade Custom Background Changer custom-background-changer allows Stored XSS.This issue affects Custom Background Changer: from n/a through 3.0...
WordPress plugin Knowband Mobile App Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Binary MLM Plan plugin <= 3.0 - Unauthenticated Limited Privilege Escalation vulnerability
Unauthenticated Limited Privilege Escalation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Binary MLM Plan versions = 3.0...
CVE-2025-15069
Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue affects Web Fax: from 3.0 before 3.0.1...
Gmission Web Fax 安全漏洞
Gmission Web Fax is a web-based fax management system from the Korean company Gmission. A security vulnerability exists in Gmission Web Fax version 3.0 prior to version 4.0, which stems from improper authentication and may result in elevated privileges...
CVE-2025-67909
Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through = 3.0.3...
DEBIAN-CVE-2025-68480
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...
PhotoShow 操作系统命令注入漏洞
PhotoShow is a free PHP web library from the individual developer Thibaud Rohmer. An operating system command injection vulnerability exists in PhotoShow version 3.0, which originates from allowing an authenticated administrator to inject malicious commands via the exiftran path configuration...
ClinCapture EDC 安全漏洞
ClinCapture EDC is a clinical trial data capture system from ClinCapture, Inc. A security vulnerability exists in ClinCapture EDC versions 3.0 and 2.2.3, which originates in reflective cross-site scripting and could lead to the execution of JavaScript code by an unauthenticated, remote attacker i...
CVE-2025-53618
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function grayscaleconvert is called base...
PT-2025-49334
The Canadian Nutrition Facts Label plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'percentage' field in the Nutrition Label custom post type in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12822
The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mojwtgeneratenewapikey' function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-64262
Cross-Site Request Forgery CSRF vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through = 3.0.0...
SUSE CVE-2016-11076
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL...
CVE-2025-40773
SiPass integrated (pre-3.0) contains a broken access control vulnerability where the authorization checks are insufficient on the server side, allowing a crafted API request to manipulate data of other users. Reported across multiple feeds (including Red Hat, NVD, CIRCL, and PT Security), with CV...
PT-2025-41490
Name of the Vulnerable Software and Affected Versions BigBlueButton versions prior to 3.0.13 Description BigBlueButton is an open-source virtual classroom. A denial-of-service DoS condition exists in versions prior to 3.0.13. An authenticated user can disrupt chat functionality for all meeting...
EUVD-2025-28115
Malicious code in bioql PyPI...
CVE-2025-60169 WordPress W3SCloud Contact Form 7 to Zoho CRM plugin <= 3.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM w3s-cf7-zoho allows Stored XSS.This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through = 3.2...
SUSE SLES12 Security Update : regionServiceClientConfigAzure (SUSE-SU-2025:03169-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03169-1 advisory. - Update to version 3.0.0. bsc1246995 - SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16...
Fedora 42 : kea (2025-92b4ae7199)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-92b4ae7199 advisory. - New version 3.0.1 rhbz2391289 - Fixes CVE-2025-40779 rhbz2391373 Tenable has extracted the preceding description block directly from the Fedora security...