240 matches found

CNNVD
added 2025/10/30 12:0 a.m. | 3 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2012R1.6, which stems from insufficient...

CVSS 6.1 | AI score 6 | EPSS 0.00508
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/29 4:27 a.m. | 2 views

CVE-2025-11705 Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS AJAX actions. This makes it possible for authenticat...

CVSS 6.5 | AI score 4.7 | EPSS 0.00572
Exploits: 0 | References: 3

VulnCheck KEV
added 2025/10/29 12:0 a.m. | 71 views

VulnCheck KEV: CVE-2025-11705

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS AJAX actions. This makes it possible for authenticat...

CVSS 6.5 | AI score 5.9 | EPSS 0.00572
In wild | Exploits: 0 | References: 2

Positive Technologies
added 2025/10/24 12:0 a.m. | 4 views

PT-2025-43594

Name of the Vulnerable Software and Affected Versions: WordPress Supervisor Plugin versions up to and including 1.3.2. Description: The Supervisor plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check in multiple AJAX functions. Authenticate...

CVSS 4.3 | AI score 5.8 | EPSS 0.00184
Exploits: 0 | References: 6

EUVD
added 2025/10/16 6:47 a.m. | 3 views

EUVD-2025-34720

The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processpluginactions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...

CVSS 5.3 | AI score 5.1 | EPSS 0.00288
Exploits: 0 | References: 3

CVE
added 2025/10/11 9:28 a.m. | 21 views

CVE-2025-10375

The WordPress plugin Web Accessibility by accessiBe (plugins: accessibe) is affected by CVE-2025-10375. A CSRF vulnerability exists in all versions up to 2.10 due to missing nonce validation on multiple AJAX actions (accessibe_signup, accessibe_login, accessibe_license_trial, accessibe_modify_con...

CVSS 4.3 | AI score 5 | EPSS 0.00147
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-34643

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.5 | EPSS 0.01355
Exploits: 2 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-27652

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.0027
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-26081

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.4 | EPSS 0.00286
Exploits: 0 | References: 4

Vulnrichment
added 2025/09/09 9:1 a.m. | 1 views

CVE-2025-59017 Broken Access Control in Backend AJAX Routes

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...

CVSS 5.3 | AI score 6.4 | EPSS 0.00276
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/18 4:31 a.m. | 5 views

CVE-2024-12612

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX actions in all versions up to, and including, 93.2.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the...

CVSS 7.5 | AI score 7.9 | EPSS 0.004
Exploits: 0 | References: 1

CVE
added 2025/08/16 3:38 a.m. | 17 views

CVE-2024-12612

CVE-2024-12612 affects the WordPress plugin “School Management System for Wordpress” (versions up to 93.2.0) and allows unauthenticated SQL injection via multiple AJAX actions due to insufficient parameter escaping and poor query preparation. Impact per sources: attackers could append additional ...

CVSS 7.5 | AI score 7.8 | EPSS 0.004
Exploits: 0 | References: 2

Drupal
added 2025/08/13 12:0 a.m. | 37 views

Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096

This module enables users to set up two-factor authentication (2FA) using authenticator apps for enhanced login security. The module alters the standard Drupal login form to use AJAX callbacks for handling authentication flow. The module doesn't sufficiently validate authentication under specific...

CVSS 9.8 | AI score 7.1 | EPSS 0.00492
Exploits: 0 | References: 2

OSV
added 2025/07/31 9:15 p.m. | 2 views

DEBIAN-CVE-2023-32251

A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

CVSS 3.7 | AI score 4.9 | EPSS 0.00418
Exploits: 0 | References: 1

OSV
added 2025/07/31 9:15 p.m. | 4 views

UBUNTU-CVE-2023-32251

A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

CVSS 3.7 | AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 5

Vulnrichment
added 2025/07/31 8:44 p.m. | 1 views

CVE-2023-32251 Kernel: ksmbd brute force delay bypass via asynchronous requests

A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

CVSS 3.7 | AI score 7.5 | EPSS 0.00418
Exploits: 0 | References: 4

Cvelist
added 2025/07/31 8:44 p.m. | 20 views

CVE-2023-32251 Kernel: ksmbd brute force delay bypass via asynchronous requests

A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

CVSS 3.7 | EPSS 0.00418
Exploits: 0 | References: 4

ATTACKERKB
added 2025/07/31 8:44 p.m. | 3 views

CVE-2023-32251

A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

CVSS 3.7 | AI score 5.7 | EPSS 0.00418
Exploits: 0 | References: 5 | Affected Software: 5

CNNVD
added 2025/07/31 12:0 a.m. | 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an asynchronous request that can bypass antiviolate protections, potentially leading to a dictionary attack...

CVSS 3.7 | AI score 4.5 | EPSS 0.00418
Exploits: 0 | References: 4

SUSE CVE
added 2025/07/28 11:22 p.m. | 4 views

SUSE CVE-2025-38492

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALLQUEUED being set. When netfslib is issuing subrequests, the subrequests start processing immediately and may complete before we reach the end of the issuing function. At the en...

CVSS 4.7 | AI score 6.6 | EPSS 0.00087
Exploits: 0 | References: 3