11468 matches found
WordPress plugin Directorist 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
EUVD-2025-35929
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...
CVE-2025-10488
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...
CVE-2025-10488 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File Move
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...
CVE-2025-10488
CVE-2025-10488 — Directorist (WordPress)
SUSE CVE-2022-50568
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix fhidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct fhidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted...
PT-2025-43716
Name of the Vulnerable Software and Affected Versions Directorist versions up to and including 8.4.8 Description The Directorist plugin for WordPress is susceptible to arbitrary file move due to inadequate file path validation within the add listing action AJAX action. This allows unauthenticated...
EUVD-2022-54547
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix list double add in uvcgvideopump A panic can occur if the endpoint becomes disabled and the uvcgvideopump adds the request back to the reqfree list after it has already been queued to the endpoint. The...
CVE-2025-57848 Container-native-virtualization: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...
Malicious code in add-to-cart-web (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-48789 Malicious code in add-to-cart-web (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-56009
Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
SUSE CVE-2022-50566
In the Linux kernel, the following vulnerability has been resolved: mtd: Fix device name leak when register device failed in addmtddevice There is a kmemleak when register device failed: unreferenced object 0xffff888101aab550 size 8: comm "insmod", pid 3922, jiffies 4295277753 age 925.408s hex du...
SUSE CVE-2022-50578
In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in classregister If classaddgroups returns error, the 'cp-subsys' need be unregister, and the 'cp' need be freed. We can not call ksetunregister here, because the 'cls' will be freed in callback...
CVE-2025-56009
Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
EUVD-2023-60014
In the Linux kernel, the following vulnerability has been resolved: drm/stm: ltdc: fix late dereference check In ltdccrtcsetcrcsource, struct drmcrtc was dereferenced in a containerof before the pointer check. This could cause a kernel panic. Fix this smatch warning: drivers/gpu/drm/stm/ltdc.c:11...
DEBIAN-CVE-2022-50578
In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in classregister If classaddgroups returns error, the 'cp-subsys' need be unregister, and the 'cp' need be freed. We can not call ksetunregister here, because the 'cls' will be freed in callback...
CVE-2022-50566
In the Linux kernel, the following vulnerability has been resolved: mtd: Fix device name leak when register device failed in addmtddevice There is a kmemleak when register device failed: unreferenced object 0xffff888101aab550 size 8: comm "insmod", pid 3922, jiffies 4295277753 age 925.408s hex du...
DEBIAN-CVE-2022-50566
In the Linux kernel, the following vulnerability has been resolved: mtd: Fix device name leak when register device failed in addmtddevice There is a kmemleak when register device failed: unreferenced object 0xffff888101aab550 size 8: comm "insmod", pid 3922, jiffies 4295277753 age 925.408s hex du...
CVE-2022-50559
In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: fix memleak on platformdeviceadd fails No error handling is performed when platformdeviceadd fails. Add error processing before return, and modified the return value...