2020 matches found
CVE-2025-21870
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers. Other, non DAI copier widgets could have the same stream name (sname) as the ALH copier and in that case the copier-data is NULL, no alhdata is attached, which could...
CVE-2025-30541 WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Info Boxes Shortcode and Widget (info-boxes-shortcode-and-widget) allows Cross Site Request Forgery. This issue affects Info Boxes Shortcode and Widget: from n/a through <= 1.15...
WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Info Boxes Shortcode and Widget versions <= 1.15...
WordPress HT Mega plugin <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin HT Mega versions <= 2.8.3...
MAL-2025-2448 Malicious code in @flutterfire/source-ui-widgets (npm)
Source: ossf-package-analysis (d5007a2c3f744fc79ba88f20dcf5897470581ccbb3a076b83a10d43ad9c6f5e7). The OpenSSF Package Analysis project identified '@flutterfire/source-ui-widgets' @ 1.0.0 (npm) as malicious. It is considered malicious because: -...
CVE-2024-13703
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitaajaxtoggleae function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress plugin CRM and Lead Management by vcita security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...
CVE-2024-10326
The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...
WordPress RomethemeKit For Elementor plugin <= 1.5.3 - Missing Authorization in save_options and reset_widgets vulnerability
Missing Authorization in save_options and reset_widgets vulnerability discovered by WordFence in WordPress Plugin RTMKit versions <= 1.5.3...
GHSA-7G95-JMG9-H524 Jenkins cross-site request forgery (CSRF) vulnerability
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not require POST requests for the HTTP endpoint toggling collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets), resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability...
CVE-2025-27624
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets)...
WordPress Master Addons plugin <= 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Master Addons for Elementor versions <= 2.0.7.2...
Malicious code in figma-plugins-and-widgets (npm)
Source: ghsa-malware (250144845a9dd4a7a0bea8a44c06f50652890d4ab2f0fb860bb51a5a14ea1a54). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-23851
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khushwant Singh Coronavirus (COVID-19) Outbreak Data Widgets (coronavirus-data-widgets) allows Reflected XSS. This issue affects Coronavirus (COVID-19) Outbreak Data Widgets: from n/a through <= 1.1.1...
CVE-2025-23851
CVE-2025-23851 is a Reflected Cross-Site Scripting vulnerability in the WordPress plugin Coronavirus (COVID-19) Outbreak Data Widgets. Affected versions are listed as
CVE-2025-23851 WordPress Coronavirus (COVID-19) Outbreak Data Widgets Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khushwant Singh Coronavirus (COVID-19) Outbreak Data Widgets (coronavirus-data-widgets) allows Reflected XSS. This issue affects Coronavirus (COVID-19) Outbreak Data Widgets: from n/a through <= 1.1.1...