PT-2025-39025
Name of the Vulnerable Software and Affected Versions IP Based Login versions through 2.4.3 Description An issue exists in IP Based Login that allows for Stored Cross-site Scripting XSS. The flaw is due to improper neutralization of input during web page generation. This can allow an attacker to...
PT-2025-38961
Name of the Vulnerable Software and Affected Versions WP User Frontend versions through 4.1.11 Description An authorization issue exists in WP User Frontend, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update WP User Frontend to a version...
PT-2025-38997
Name of the Vulnerable Software and Affected Versions Binsaifullah Beaf versions through 1.6.2 Description A Server-Side Request Forgery SSRF issue exists in Binsaifullah Beaf. This allows for Server Side Request Forgery. The issue impacts the application's ability to properly validate server...
PT-2025-38820
Name of the Vulnerable Software and Affected Versions SALESmanago versions through 3.8.1 Description SALESmanago is susceptible to a Cross-Site Request Forgery CSRF issue. This allows an attacker to potentially perform actions on behalf of an authenticated user without their knowledge...
CVE-2025-53692 Sitecore Experience Platform Cross-Site Scripting Vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Sitecore Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Cross-Site Scripting XSS. This issue affects Sitecore Experience Manager XM: from 9.2 through 10.4; Experience...
CVE-2025-7665
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handlemofirebaseformoptions' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...
CVE-2025-59714
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs...
Sitecore Experience Platform and Sitecore Experience Manager Security Vulnerability
Sitecore Experience Platform XP and Sitecore Experience Manager XM are both products of Sitecore, a Danish company. Sitecore Experience Platform is a suite of customer digital experience platforms. Sitecore Experience Platform is a customer digital experience platform and Sitecore Experien...
CVE-2025-7665 Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handlemofirebaseformoptions' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...
edu.internet2.middleware.grouper:grouper-scim (>=5.1.0 <=5.20.2), edu.internet2.middleware.grouper:grouper-ui (>=5.1.0 <=5.20.2) +3 more potentially affected by CVE-2025-59714 via edu.internet2.middleware.grouper:grouper (>=5.17.1 <=5.20.2)
edu.internet2.middleware.grouper:grouper MAVEN version =5.17.1, =5.1.0, =5.1.0, =5.1.0, =5.1.0, =5.18.3 Source cves: CVE-2025-59714 Source advisory: SNYK:JAVA-EDUINTERNET2MIDDLEWAREGROUPER-13003670...
PT-2025-38538
Name of the Vulnerable Software and Affected Versions Bimser Solution Software Trade Inc. EBA Document and Workflow Management System versions 6.7.164 through 6.7.165 Description An improper authorization issue exists in Bimser Solution Software Trade Inc. EBA Document and Workflow Management...
EUVD-2025-30249
Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For...
10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1042 more potentially affected by CVE-2025-13204 via expr-eval (>=0.12.0 <=2.0.2)
expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.1.4, =0.0.11, =0.0.1, =0.0.0, =0.0.2-alpha, =1.0.0, =1.3.0-alpha.0 and more Source cves: CVE-2025-13204 Source advisory: SNYK:JS-EXPREVAL-13508636...
mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
CVE-2025-0420
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Paraşüt Software Paraşüt allows Cross-Site Scripting XSS. This issue affects Paraşüt: from 0.0.0.65efa44e through 20250204...
CVE-2025-0419
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Zirve Information Technologies Inc. Zirve Nova allows Cross-Site Scripting XSS. This issue affects Zirve Nova: from 235 through 20250131...
CVE-2025-0420 XSS in Mikrogrup's Paraşüt
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Paraşüt Software Paraşüt allows Cross-Site Scripting XSS. This issue affects Paraşüt: from 0.0.0.65efa44e through 20250204...
mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...
PT-2025-38130
Name of the Vulnerable Software and Affected Versions Apache StreamPark versions 2.1.4 through 2.1.5 Description An issue exists in Apache StreamPark that allows authenticated users to trigger remote command execution. Recommendations Upgrade to version 2.1.6 to resolve the issue...