6.1
CVE-2025-3421 - Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting
The Everest Forms β Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. Thβ¦
5.4
CVE-2025-3422 - Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The Everest Forms β Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not properlyβ¦
9.8
CVE-2025-3439 - Everest Forms β Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.β¦
The Everest Forms β Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. This makes it possible for β¦
7.8
CVE-2024-13861 -
A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected.
7.7
CVE-2024-52280 - Users can issue watch commands for arbitrary resources
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.
6.4
CVE-2025-2575 - Z Companion <= 1.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to iβ¦
6.4
CVE-2025-2541 - WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uplβ¦
The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and aboβ¦
6.2
CVE-2024-52282 - Rancher Helm Applications may have sensitive values leaked
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Appsβ values. Additionally, the same information leaks into auditing lβ¦
5.3
CVE-2025-23387 - Rancher's SAML-based login via CLI can be denied by unauthenticated users
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7,β¦
8.2
CVE-2025-23388 - Unauthenticated stack overflow in /v3-public/authproviders API
A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.