435 matches found
CampCodes Online Learning Management System SQL注入漏洞
CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter ID in the file...
PT-2025-39739
Name of the Vulnerable Software and Affected Versions Campcodes Online Learning Management System version 1.0 Description A SQL injection issue exists in Campcodes Online Learning Management System version 1.0. The issue is located in the file /admin/de activate.php and affects an unknown functio...
PT-2025-38145
Name of the Vulnerable Software and Affected Versions: Sydney theme for WordPress versions prior to 2.57 Description: The Sydney theme for WordPress is susceptible to unauthorized data modification due to a missing capability check on the activate modules function. This allows authenticated...
CLSA-2025-1757922878 kernel: Fix of 4 CVEs
net/sched: Always pass notifications when child class becomes empty CVE-2025-38350 - schcbq: make cbqqlennotify idempotent CVE-2025-38000 - schhtb: make htbqlennotify idempotent CVE-2025-37932 - codel: remove sch-q.qlen check before qdisctreereducebacklog CVE-2025-37798 - schqfq: make...
CVE-2025-8479 Zoho Flow <= 2.14.1 - Cross-Site Request Forgery
The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zohoflowdeactivateplugin function. This makes it possible for unauthenticated attackers to modify typography setting...
CVE-2025-8479
CVE-2025-8479: The Zoho Flow WordPress plugin (versions ≤ 2.14.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in zoho_flow_deactivate_plugin. This allows unauthenticated attackers to cause changes to typography settings by tricking an admin into a forged ...
PT-2025-37119
The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zoho flow deactivate plugin function. This makes it possible for unauthenticated attackers to modify typography...
CVE-2025-59036 Infrahub allows authentication with deleted and expired API tokens
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...
CVE-2025-0951
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...
CVE-2025-0951 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...
WordPress Hub theme <= 5.0.7 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability
Missing Authorization to Authenticated Subscriber+ All Plugins Deactivated vulnerability discovered by Lucio Sá in WordPress Theme Hub versions = 1.2.12...
CVE-2025-8102
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the eddsendwpdisconnect and eddsendwpremoteinstall functions. This makes it possible for unauthenticated attackers t...
CVE-2025-8102
CVE-2025-8102: Easy Digital Downloads for WordPress (versions ≤ 3.5.0) is vulnerable to Cross-Site Forgery via missing nonce checks in edd_sendwp_disconnect and edd_sendwp_remote_install. This CSRF allows unauthenticated attackers to deactivate or trigger activation/deactivation of the SendWP plu...
CVE-2025-21010
Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account...
coresight: prevent deactivate active config while enabling the config
...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Aug-2025 Release 1, which stems from improper privilege management and...
The vulnerability of the j1939_session_deactivate() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the j1939sessiondeactivate function in the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-7641
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file deactivateact.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely...
CVE-2023-46188
Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3...
CVE-2023-22687
Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin = 1.9.4.0 versions...