Security Vulnerabilities
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-07-16
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting
attacks by modifying the configuration file in the underlying operating system.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-16
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting
attacks in the Administration Console.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-16
In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-07-16
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting
attacks in the Administration Console.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-07-16
In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting
attacks in the Administration Console.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-07-16
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘organizer_name' parameter in all versions up to, and including, 3.1.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-07-16
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions up to, and including, 3.1.49 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-07-16
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pm_get_messenger_notification’ function in all versions up to, and including, 5.9.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a logged-in user into performing an action such as clicking on a link.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-07-16
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
CVSS Score
2.3
EPSS Score
0.0
Published
2025-07-15
Page 1