CVE-2025-50016
CVE-2025-50016 refers to a Stored XSS in the WordPress plugin IP Based Login (versions
FreeBSD : chromium -- multiple security fixes (e3d6d485-c93c-4ada-90b3-09f1c454fb8a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e3d6d485-c93c-4ada-90b3-09f1c454fb8a advisory. Chrome Releases reports: This update includes 2 security fixes: Tenable has extracted the...
CVE-2025-48888 Deno run with --allow-read and --deny-read flags results in allowed
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...
Grafana 9.3.x < 9.3.8 Multiple Vulnerabilities
According to its self-reported version, the Grafana install hosted on the remote host is 8.5.x earlier than 8.5.21, or 9.2.x earlier than 9.2.13, or 9.3.x earlier than 9.3.8. It is, therefore, affected by multiple vulnerabilities: - A Cross-site Scripting vulnerability. - A Cross-site Scripting...
CVE-2025-3704
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up Sheets pta-volunteer-sign-up-sheets allows Stored XSS. This issue affects Volunteer Sign Up Sheets: from n/a through 5.5.5...
openSUSE Security Advisory (SUSE-SU-2025:01653-1)
The remote host is missing an update for the...
CVE-2024-27613
Numbas editor before 7.3 mishandles reading of themes and extensions...
CVE-2024-23172
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog...
CVE-2024-50443
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post. This issue affects PostX: from n/a through = 4.1.12...
CVE-2023-44319
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.0, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.0, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.0, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.0, SCALANCE...
CVE-2022-3381
An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites...
PT-2025-22724 · Unknown · Svil4Ok Meta Keywords & Description
Name of the Vulnerable Software and Affected Versions: svil4ok Meta Keywords & Description versions n/a through 0.8 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allo...
CVE-2021-23023
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2021-21657
Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-20095
iMessage Messages app iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages...
CVE-2019-6995
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues...
CVE-2015-9513
The Easy Digital Downloads (EDD) Favorites extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused...
Mozilla Thunderbird < 138.0.2
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 138.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-41 advisory. - An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing arr...
CVE-2025-22448
Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow an authenticated user to potentially enable denial of service via local access...
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...