EUVD-2025-206450

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...

CVE-2023-25473

Cross-Site Request Forgery CSRF vulnerability in Miro Mannino Flickr Justified Gallery plugin = 3.5 versions...

CVE-2025-67341

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users...

CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

Eaton Rack PDU G4 安全漏洞

The Eaton Rack PDU G4 is a vertical assembly power unit from Eaton Corporation USA. A security vulnerability exists in Eaton Rack PDU G4 version 3.5.0 and earlier, which stems from privileged access to potentially modify the contents of non-sensitive files via a CLI limited shell...

WordPress plugin WP Employee Attendance System SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP Employe...

zephyr Security Breach

Zephyr is an extensible real-time operating system RTOS open-sourced by the Zephyr Project. A security vulnerability exists in zephyr 3.5 and earlier versions, which stems from a signed to unsigned conversion issue in esp32ipmsend...

CA-99-13: minimal fix for Slackware 3.5 through 4.0

...