118 matches found
WordPress plugin WP Count Down Timer 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site...
CVE-2025-64686
...
CVE-2025-12390 Org.keycloak.protocol.oidc.endpoints.logoutendpoint: offline session takeover due to reused authentication session id
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
UBUNTU-CVE-2025-61795
Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to...
ThingsBoard 安全漏洞
ThingsBoard is a Java-based platform for IOT devices for monitoring, management, and data collection by the ThingsBoard team. A security vulnerability exists in ThingsBoard versions prior to 4.2.1, which stems from insufficient cleanup of uploaded SVG files and improper validation of content type...
CVE-2025-6338 Possible denial of service with multiple incoming connections to a Schannel based server with a TLS backend
There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...
WordPress plugin External Login 信息泄露漏洞
The WordPress External Login plugin is mainly used to integrate WordPress login functionality with an external database system, allowing users to log in to the site directly through an external account. An information disclosure vulnerability exists in the WordPress External Login plugin, which...
EUVD-2017-5820
Malware in sbrugna...
SUSE CVE-2023-53594
In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in deviceadd When calling kobjectadd failed in deviceadd, it will call cleanupgluedir to free resource. But in kobjectadd, dev-kobj.parent has been set to NULL. This will cause resource leak. The...
EUVD-2023-24697
Malicious code in bioql PyPI...
Vulnerability-Lookup 跨站脚本漏洞
Vulnerability-Lookup is an open source Vulnerability-Lookup platform for managing disclosure of vulnerabilities. A cross-site scripting vulnerability exists in Vulnerability-Lookup version 2.16.0 that stems from insufficient cleanup of user input and could lead to a cross-site scripting attack...
Linux Distros Unpatched Vulnerability : CVE-2025-39750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath12k: Correct tid cleanup when tid setup fails Currently, if any error occurs during ath12kdprxpeertidsetup, the tid value is already incremented, even...
FreePBX 安全漏洞
FreePBX formerly known as Asterisk Management Portal is a suite of tools from the FreePBX project for configuring Asterisk an IP telephony system via a GUI web-based graphical interface. A security vulnerability exists in FreePBX version 15.0.66 and versions prior to 17.0.3, which stems from...
Linux Distros Unpatched Vulnerability : CVE-2021-28688
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went t...
WordPress plugin WP Talroo 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Siemens多款产品 代码问题漏洞
Siemens SIMATIC STEP and others are products of Siemens, a German company. siemens SIMATIC STEP is a comprehensive engineering tool for configuring and programming SIMATIC controllers. siemens SIMATIC PCS neo is a distributed control system. siemens SIMATIC STEP 7 is a PLC program simulation...
Linux Distros Unpatched Vulnerability : CVE-2025-38024
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/rxe: Fix slab-use-after-free Read in rxequeuecleanup bug Call Trace: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x7d/0xa0 lib/dumpstack.c:120...
The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s Bluetooth kernel component is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
Citizen 跨站脚本漏洞
Citizen is a beautiful, easy-to-use and responsive MediaWiki skin from the Star Citizen Wiki team. A cross-site scripting vulnerability exists in Citizen versions prior to 1.9.4 through 3.4.0, which stems from a short description inserted by the ShortDescription extension that is not properly...
SUSE CVE-2022-50008
In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarmkprobe for disabled kprobes The assumption in disablekprobe is wrong, and it could try to disarm an already disarmed kprobe and fire the WARNONCE below. 0 We can easily reproduce this issue. 1. Write 0 t...