299 matches found
CVE-2025-2567 Lantronix Xport Missing Authentication for Critical Function
An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential safety hazards in fuel storage and transportation...
CVE-2025-24358
gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes...
CVE-2025-32941
creationtimestamp| type| source ---|---|--- 2025-04-15 04:38:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmtaycjrde2h 2025-04-15 07:24:04+00:00| seen| https://t.me/cvedetector/22908...
WordPress ORDER POST plugin <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Avraham Shemesh in WordPress Plugin ORDER POST versions = 2.0.2...
CVE-2025-27078
creationtimestamp| type| source ---|---|--- 2025-04-08 19:22:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmd755jc5t24...
CVE-2024-43067
Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory...
CVE-2025-31900
creationtimestamp| type| source ---|---|--- 2025-04-03 15:07:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3llw6jxc7n22z 2025-04-03 17:44:37+00:00| seen| https://t.me/cvedetector/21982...
CVE-2025-3063 Shopper Approved Reviews 2.0 - 2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxcallbackupdatesaoption function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with...
CVE-2022-49756
In the Linux kernel, the following vulnerability has been resolved: phy: usb: sunplus: Fix potential null-ptr-deref in spusbphyprobe spusbphyprobe will call platformgetresourcebyname that may fail and return NULL. devmioremap will use usbphy-moon4resmem-start as input, which may causes...
CVE-2023-53002
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix a memory leak with reused mmapoffset drmvmanodeallow and drmvmanoderevoke should be called in balanced pairs. We call drmvmanodeallow once per-file everytime a user calls mmapoffset, but only call drmvmanoderevoke...
CVE-2023-52930
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential bit17 double-free A userspace with multiple threads racing I915GEMSETTILING to set the tiling to I915TILINGNONE could trigger a double free of the bit17 bitmask. Or conversely leak memory on the transition...
CVE-2025-26011
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword...
CVE-2025-2722
Last updated 25 March 2025...
CVE-2025-30558
Cross-Site Request Forgery CSRF vulnerability in EnzoCostantini55 ANAC XML Render anac-xml-render allows Stored XSS.This issue affects ANAC XML Render: from n/a through = 1.5.7...
CVE-2025-2482
creationtimestamp| type| source ---|---|--- 2025-03-22 07:38:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lkx7uzg3zk24 2025-03-22 10:22:25+00:00| seen| https://t.me/cvedetector/20855...
CVE-2025-2477
creationtimestamp| type| source ---|---|--- 2025-03-22 07:38:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lkx7uz3h5r2h 2025-03-22 10:22:32+00:00| seen| https://t.me/cvedetector/20861...
CVE-2025-2484
creationtimestamp| type| source ---|---|--- 2025-03-22 07:38:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lkx7uyqnpo2s 2025-03-22 10:22:25+00:00| seen| https://t.me/cvedetector/20856...
CVE-2025-0192
creationtimestamp| type| source ---|---|--- 2025-03-20 13:03:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lksr44fju72s 2025-03-20 13:13:16+00:00| seen| https://t.me/cvedetector/20721 2025-08-11 18:27:49+00:00| seen| MISP/3e4b778d-5810-4171-a915-f1d106684af4...
CVE-2025-27786
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. outputttspath in tts.py takes arbitrary user input and passes it to runttsscript function in core.py, which checks if the path in outputttspath exists, and if yes, removes that...
CVE-2025-30116
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 90...