BIT-GITLAB-2025-2408 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information...
CVE-2025-32485
Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Cross Site Request Forgery. This issue affects WP Performance Pack: from n/a through 2.5.4...
CVE-2025-32483
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Salisbury Request Call Back request-call-back allows Stored XSS. This issue affects Request Call Back: from n/a through 1.4.1...
CVE-2025-32612
Cross-Site Request Forgery (CSRF) vulnerability in rafasashi User Session Synchronizer user-session-synchronizer allows Stored XSS. This issue affects User Session Synchronizer: from n/a through 1.4.0...
CVE-2025-32498
Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post vkontakte-cross-post allows Stored XSS. This issue affects VKontakte Cross-Post: from n/a through 0.3.2...
CVE-2025-32068
Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass. This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43...
CVE-2025-32477
Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu wp-easy-menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through 0.41...
CVE-2025-31400
Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player ws-audio-player allows Stored XSS. This issue affects WS Audio Player: from n/a through 1.1.8...
CVE-2025-32076
The CVE-2025-32076 entry describes an Improper Input Validation vulnerability in The Wikimedia Foundation MediaWiki Visual Data Extension, affecting versions 1.39 through 1.43. The underlying issue is improper input validation in the extension’s handling of user-provided data, which can be exploi...
CVE-2025-32074 XSSes in Extension:ConfirmAccount
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43...
CVE-2025-32071 Wikibase CommonsInlineImageFormatter: i18n XSS
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString. This issue affects Mediawiki - Wikidata Extension: from 1.39 through 1.43...
MediaWiki Input Validation Error Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. The product can be used to deploy in-house knowledge management and content management systems. MediaWiki - A security vulnerability exists in Wikidata Extension versions 1.39 through 1.43,...
PT-2025-15953 · Tutor Lms · Tutor Lms
Name of the Vulnerable Software and Affected Versions: Tutor LMS versions n/d through 3.4.0. Description: The issue is related to an improper neutralization of script-related HTML tags in a web page, which can lead to a basic Cross-Site Scripting (XSS) attack. This allows an attacker to inject...
CVE-2025-31391
Cross-Site Request Forgery (CSRF) vulnerability in regen Script Compressor script-compressor allows Stored XSS. This issue affects Script Compressor: from n/a through 1.7.1...
CVE-2025-31017
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager noakes-menu-manager allows Stored XSS. This issue affects Nav Menu Manager: from n/a through 3.2.5...
org.apache.pulsar:pulsar-io-debezium (>=2.2.0 <=2.2.1), org.apache.pulsar:pulsar-io-debezium-core (>=2.4.0 <=2.9.5) +6 more potentially affected by CVE-2025-30677 via org.apache.pulsar:pulsar-io-kafka-connect-adaptor (>=2.2.0 <=2.9.5)
org.apache.pulsar:pulsar-io-kafka-connect-adaptor MAVEN version =2.2.0, =2.2.0, =2.4.0, =2.5.0, =2.9.0, =2.4.0, =2.9.0, =2.4.0, =2.8.0, =2.9.5 Source cves: CVE-2025-30677 Source advisory: OSV:GHSA-RCQJ-3FMP-5CQX...
Apache ActiveMQ Artemis Security Vulnerability
Apache ActiveMQ Artemis is a high-performance open source messaging agent from the Apache USA Foundation. A security vulnerability exists in Apache ActiveMQ Artemis version 1.5.1 through versions prior to 2.40.0, which stems from sensitive information being written to log files...
PT-2025-15761 · Unknown · Ab-Tools Flags Widget
Name of the Vulnerable Software and Affected Versions: ab-tools Flags Widget versions 1.0.0 through 1.0.7. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in the Flags Widget. Recommendations: For versions 1.0.0 through 1.0.7, update to a...
com.farcsal.dql:query-es (=0.8.0), com.github.ben-manes.caffeine:simulator (>=3.0.4 <=3.0.5) +13 more potentially affected by CVE-2024-52981 via org.elasticsearch:elasticsearch (>=8.0.0-alpha1 <=8.15.0)
org.elasticsearch:elasticsearch MAVEN version =8.0.0-alpha1, =3.0.4, =1.2.0, =0.83.0, =7.23.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =1.6.es801.0, =8.0.0, =8.15.0 Source cves: CVE-2024-52981 Source advisory: OSV:GHSA-5XM9-X7X4-4J5X...
AskAI (=0.1.0), abbegm (=0.5.0) +609 more potentially affected by unknown CVE via tokio (>=0.2.5 <=1.38.1)
tokio CARGO version =0.2.5, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =4.0.0, =0.2.0, =0.6.0, =0.1.0, =0.1.7 and more Source cves: unknown CVE Source advisory: OSV:GHSA-RR8G-9FPQ-6WMG...