8
CVE-2025-46827 - Graylog Allows Session Takeover via Insufficient HTML Sanitization
Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissβ¦
7.5
CVE-2024-47619 - tranport: TLS host name wildcard matching too lax
syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could hβ¦
9.3
CVE-2025-2777 - SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
9.3
CVE-2025-2776 - SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
9.3
CVE-2025-2775 - SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
4.3
CVE-2025-47692 - WordPress ContentStudio plugin <= 1.3.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contentstudio: from n/a through <= 1.3.5.
5.5
CVE-2025-47691 - WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member ultimate-member allows Code Injection.This issue affects Ultimate Member: from n/a through <= 2.10.3.
5.3
CVE-2025-47688 - WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulneraβ¦
Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File Manager: from n/a through <= 5.3.1.
6.5
CVE-2025-47686 - WordPress DELUCKS SEO plugin <= 2.5.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Stored XSS.This issue affects DELUCKS SEO: from n/a through <= 2.5.9.
7.1
CVE-2025-47685 - WordPress Contribuinte Checkout plugin <= 2.0.03 - Cross Site Request Forgery (CSRF) to Stored XSS β¦
Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout contribuinte-checkout allows Stored XSS.This issue affects Contribuinte Checkout: from n/a through <= 2.0.03.