
1208 matches found

Positive Technologies
added 2025/02/21 12:0 a.m. · 2 views

PT-2025-7523 · D Link · D-Link Dap-1320

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1320 version 1.00 Description: A critical issue has been found, affecting the function replace special char of the file /storagein.pd-XXXXXX. This issue leads to a stack-based buffer overflow and can be exploited remotely. The...

9.8 CVSS · 7.5 AI score · 0.00108 EPSS
Exploits 0 · References 14
CNNVD
added 2025/02/21 12:0 a.m. · 1 views

D-Link DAP-1320 security vulnerability

The D-Link DAP-1320 is a wireless signal extender from China-based AUO D-Link. The D-Link DAP-1320 suffers from a stack buffer overflow vulnerability that originates from the function replacespecialchar in file /storagein.pd-XXXXXX. An attacker can exploit this vulnerability to cause a program cra...

9.8 CVSS · 8.1 AI score · 0.00108 EPSS
Exploits 0 · References 7
Positive Technologies
added 2025/02/21 12:0 a.m. · 3 views

PT-2025-7633 · Unknown · Dom-Expressions

Name of the Vulnerable Software and Affected Versions: dom-expressions versions prior to 0.39.5 Description: The issue arises from the use of JavaScript's .replace function, which opens up to potential Cross-site Scripting (XSS) vulnerabilities with special replacement patterns beginning with $...

7.3 CVSS · 6.8 AI score · 0.00335 EPSS
Exploits 0 · References 12
SUSE CVE
added 2025/02/14 3:50 a.m. · 1 views

SUSE CVE-2025-21700

In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc tc qdisc add dev lo...

6.7 CVSS · 6.3 AI score · 0.00022 EPSS
Exploits 0 · References 23
OSV
added 2025/02/13 5:15 a.m. · 0 views

CVE-2024-13770

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...

9.8 CVSS · 7.5 AI score
Exploits 0 · References 2
Patchstack
added 2025/02/11 3:2 p.m. · 1 views

WordPress CM WordPress Search And Replace plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin CM On Demand Search And Replace versions <= 1.4.5...

7.1 CVSS · 6.1 AI score · 0.00232 EPSS
Exploits 0 · Affected Software 1
RedhatCVE
added 2025/02/06 2:33 a.m. · 3 views

CVE-2025-24734

Missing Authorization vulnerability in CodeSolz Better Find and Replace real-time-auto-find-and-replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through <= 1.6.7...

8.8 CVSS · 7.4 AI score · 0.0017 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/06 2:19 a.m. · 2 views

CVE-2025-22586

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dstoever WPEX Replace DB Urls wpex-replace allows Reflected XSS. This issue affects WPEX Replace DB Urls: from n/a through <= 0.4.0...

7.1 CVSS · 7.2 AI score · 0.0012 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 9:1 p.m. · 5 views

CVE-2022-46850

Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions...

8.7 CVSS · 6.7 AI score · 0.00086 EPSS
Exploits 0
RedhatCVE
added 2025/02/05 5:10 a.m. · 6 views

CVE-2024-10936

The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...

8.8 CVSS · 7.4 AI score · 0.16462 EPSS
Exploits 0 · References 1
Amazon
added 2025/02/05 12:0 a.m. · 10 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune (CVE-2024-36978). In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized...

7.8 CVSS · 7.3 AI score · 0.00041 EPSS
Exploits 0
Amazon
added 2025/02/05 12:0 a.m. · 1 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune (CVE-2024-36978). In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized...

7.8 CVSS · 7.1 AI score · 0.00041 EPSS
Exploits 0
Patchstack
added 2025/02/03 4:19 p.m. · 2 views

WordPress CM WordPress Search And Replace plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin CM On Demand Search And Replace versions <= 1.4.4...

7.1 CVSS · 6.1 AI score · 0.00232 EPSS
Exploits 0 · Affected Software 1
NVD
added 2025/01/27 3:15 p.m. · 4 views

CVE-2025-24734

Missing Authorization vulnerability in CodeSolz Better Find and Replace real-time-auto-find-and-replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through <= 1.6.7...

8.8 CVSS · 0.0017 EPSS
Exploits 0 · References 1
CVE
added 2025/01/27 2:22 p.m. · 46 views

CVE-2025-24734

CVE-2025-24734 concerns the WordPress plugin Better Find and Replace (CodeSolz) up to version 1.6.7. The issue is a Missing Authorization vulnerability that enables Privilege Escalation. Impact details in the provided docs indicate a high-severity scenario (CVE metrics show Network attack path wi...

8.8 CVSS · 7.4 AI score · 0.0017 EPSS
Exploits 0 · References 1
Patchstack
added 2025/01/27 6:2 a.m. · 1 views

WordPress Better Find and Replace plugin <= 1.6.7 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Better Find and Replace versions <= 1.6.7...

8.8 CVSS · 7 AI score · 0.0017 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2025/01/27 12:0 a.m. · 2 views

WordPress plugin Better Find and Replace security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...

8.8 CVSS · 9 AI score · 0.0017 EPSS
Exploits 0 · References 1
NVD
added 2025/01/13 2:15 p.m. · 5 views

CVE-2025-22586

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dstoever WPEX Replace DB Urls wpex-replace allows Reflected XSS. This issue affects WPEX Replace DB Urls: from n/a through <= 0.4.0...

7.1 CVSS · 0.0012 EPSS
Exploits 0 · References 1
Cvelist
added 2025/01/13 1:11 p.m. · 12 views

CVE-2025-22586 WordPress WPEX Replace DB Urls Plugin <= 0.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dstoever WPEX Replace DB Urls wpex-replace allows Reflected XSS. This issue affects WPEX Replace DB Urls: from n/a through <= 0.4.0...

7.1 CVSS · 0.0012 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/01/13 12:0 a.m. · 4 views

PT-2025-4574 · WordPress · Wpex Replace Db Urls

The vulnerable software is WPEX Replace DB Urls, developed by Detlef Stöver. The vulnerability is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This issue affects WPEX Replace DB Urls versions from n/a through...

7.1 CVSS · 6.6 AI score · 0.0012 EPSS
Exploits 0 · References 5