CVE-2025-10375

The WordPress plugin Web Accessibility by accessiBe (plugins: accessibe) is affected by CVE-2025-10375. A CSRF vulnerability exists in all versions up to 2.10 due to missing nonce validation on multiple AJAX actions (accessibe_signup, accessibe_login, accessibe_license_trial, accessibe_modify_con...

EUVD-2025-27652

Malicious code in bioql PyPI...

EUVD-2025-26081

Malicious code in bioql PyPI...

EUVD-2022-34643

Malicious code in bioql PyPI...

CVE-2025-59017 Broken Access Control in Backend AJAX Routes

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...

CVE-2024-12612

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-12612

CVE-2024-12612 affects the WordPress plugin “School Management System for Wordpress” (versions up to 93.2.0) and allows unauthenticated SQL injection via multiple AJAX actions due to insufficient parameter escaping and poor query preparation. Impact per sources: attackers could append additional ...

Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096

This module enables users to setup two-factor authentication 2FA using authenticator apps for enhanced login security. The module alters the standard Drupal login form to use AJAX callbacks for handling authentication flow. The module doesn't sufficiently validate authentication under specific...

DEBIAN-CVE-2023-32251

A vulnerability has been identified in the Linux kernel's ksmbd component kernel SMB/CIFS server. A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

UBUNTU-CVE-2023-32251

A vulnerability has been identified in the Linux kernel's ksmbd component kernel SMB/CIFS server. A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

CVE-2023-32251 Kernel: ksmbd brute force delay bypass via asynchronous requests

A vulnerability has been identified in the Linux kernel's ksmbd component kernel SMB/CIFS server. A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

CVE-2023-32251 Kernel: ksmbd brute force delay bypass via asynchronous requests

A vulnerability has been identified in the Linux kernel's ksmbd component kernel SMB/CIFS server. A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an asynchronous request that can bypass antiviolate protections, potentially leading to a dictionary attack...

SUSE CVE-2025-38492

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALLQUEUED being set When netfslib is issuing subrequests, the subrequests start processing immediately and may complete before we reach the end of the issuing function. At the en...

UBUNTU-CVE-2025-38492

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALLQUEUED being set When netfslib is issuing subrequests, the subrequests start processing immediately and may complete before we reach the end of the issuing function. At the en...

📄 Discourse 3.2.x Anonymous Cache Poisoning

Discourse versions 3.1.x and 3.2.x suffer from an anonymous cache poisoning vulnerability. !/usr/bin/env python3 """ Exploit Title: Discourse 3.2.x - Anonymous Cache Poisoning Date: 2024-10-15 Exploit Author: ibrahimsql Github: : https://github.com/ibrahmsql Vendor Homepage: https://discourse.org...

CVE-2025-5692

The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /includes/LBadminajax.php file in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...

vBulletin replaceAdTemplate Remote Code Execution

This module exploits a design flaw in vBulletin's AJAX API handler and template rendering system, present in versions 5.0.0 through 6.0.3. The vulnerability allows unauthenticated attackers to invoke protected controller methods via the ajax/api/ad/replaceAdTemplate endpoint, due to improper use ...

CVE-2023-0402

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta...

WordPress多款产品 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. A code injection...