Tagged: Cybersecurity Alert

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption. More information :...

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Isin Basi Advertisement Information Technologies Trade Inc. IT’s Workif allows Cross-Site Scripting (XSS).This issue affects IT’s Workif: through 20251003. More...

The TableGen – Data Table Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping....

The AP Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘adv_parallax_back’ shortcode in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on...

The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wppe_effect’ shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping...

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and...

The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the custom_actions() function not properly validating a user’s identity prior to...

Installer of Panasonic AutoDownloader version 1.2.8 contains an issue with the DLL search path, which may lead to loading a crafted DLL file in the same directory. More information : https://content.connect.panasonic.com/jp-ja/fai/file/66248

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B – Netsis Panel allows SQL Injection.This issue affects B2B – Netsis Panel:...

Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An...

Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting (XSS) via the mail template settings. Once a malicious payload is saved, any...

Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the “Twitter”feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a “Twitter” message...

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained...

Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. More information...