456 matches found
PT-2025-49347
The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclap button shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2025-49045
Name of the Vulnerable Software and Affected Versions ComposioHQ version 0.7.20 Description A directory traversal issue exists in ComposioHQ version 0.7.20. This allows a remote attacker to potentially access sensitive information through the download file or dir function. The issue involves...
MongoDB 7.0.x < 7.0.25 / 8.0.x < 8.0.15 / 8.2.x < 8.2.1 / 8.3.0-rc0 (SERVER-105873)
The version of MongoDB installed on the remote host is 7.0 prior to 7.0.25, 8.0 prior to 8.0.15, 8.2 prior to 8.2.1 and 8.3.0-rc0. It is, therefore, affected by a vulnerability as referenced in the SERVER-105873 advisory. - An authorized user may crash the MongoDB server by causing buffer...
Fedora 42 : restic (2025-65fc438cba)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-65fc438cba advisory. Update to 0.18.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
Hello Video Codec 安全漏洞
Hello Video Codec is a video codec from Tempus Ex open source. A security vulnerability exists in Hello Video Codec version v0.1.0, which stems from improper validation of inputs to the BitstreamWriter::writebits function, which could lead to a denial of service attack...
EUVD-2025-199752
Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...
PT-2025-48197
Name of the Vulnerable Software and Affected Versions XML-Sig versions 0.27 through 0.67 Description The Perl module XML-Sig does not correctly validate XML files when signatures are absent. An attacker can remove a signature from an XML document, causing the verification check to pass incorrectl...
TencentOS Server 4: cpp-httplib (TSSA-2025:0374)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0374 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2025-197943
The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...
CVE-2025-11859 Paypal Donation Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Paypal Donation Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in all versions up to, and including, 0.1. This is due to the plugin not properly sanitizing user input and output of the 'title' and 'text' parameters. This makes it possibl...
WordPress Live Photos on WordPress plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Live Photos on WordPress versions = 0.1...
CVE-2025-48078
Cross-Site Request Forgery CSRF vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through = 0.3...
CVE-2025-48078 WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through = 0.3...
EUVD-2025-38023
Cross-Site Request Forgery CSRF vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through = 0.3...
WordPress plugin Backup and Move 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress WP Global Screen Options plugin <= 0.2 - Cross-Site Request Forgery to Screen Options Update vulnerability
Cross-Site Request Forgery to Screen Options Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Global Screen Options versions = 0.2...
WordPress plugin WP Global Screen Options 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
CVE-2025-52665
Summary (CVE-2025-52665): UniFi Access Application versions 3.3.22–3.4.31 expose a misconfigured management API that lacks proper authentication, allowing potential unauthorized access by actors on the management network. The vulnerability was introduced in 3.3.22 and fixed in 4.0.21 and later. R...
CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...
CVE-2025-62986
Cross-Site Request Forgery CSRF vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through = 0.6...