netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline LF characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 145.0.7632.116 contained a security vulnerability, which was caused by improper implementation of DevTools. This vulnerability could allow attackers to inject scripts or HTML into privileged pages through...

CVE-2025-13617

The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘a13altlink’ parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Tanium Cloud Workloads 安全漏洞

Tanium Cloud Workloads is a security and management module provided by the American company Tanium. There is a security vulnerability present in Tanium Cloud Workloads, which stems from an attacker who may be allowed access to Tanium client containers, capable of executing denial-of-service attac...

CVE-2025-13617

The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘a13altlink’ parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-13617 Apollo13 Framework Extension <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via `a13_alt_link` Parameter

The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘a13altlink’ parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-13617 Apollo13 Framework Extension <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via `a13_alt_link` Parameter

The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘a13altlink’ parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-13617

CVE-2025-13617 refers to the Apollo13 Framework Extensions plugin for WordPress, where a stored XSS exists in the a13_alt_link parameter for all versions up to 1.9.8. The vulnerability requires authentication at Contributor level or higher and can cause arbitrary scripts to run in pages viewed by...

WordPress plugin Apollo13 Framework Extensions 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Apollo13 Framework Extension plugin <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via `a13_alt_link` Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via a13altlink Parameter vulnerability discovered by Webbernaut in WordPress Plugin Apollo13 Framework Extensions versions = 1.9.8...

CVE-2026-20144

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...

CVE-2026-20144 Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...

CVE-2026-20144

CVE-2026-20144 affects Splunk Enterprise (and Cloud Platform variants) where a user with access to the _internal index on a Search Head Cluster could view SAML configurations (AQRs or Authentication extensions) in plain text in the conf.log. Affected are Splunk Enterprise versions below 10.2.0, 1...

CVE-2026-20144 Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...

PT-2026-20473

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11 Splunk Cloud Platform versions prior to 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120 Description A user with access to the Splunk internal index within a...

GHSA-QRQ5-WJGG-RVQW OpenClaw has a Path Traversal in Plugin Installation

Summary OpenClaw's plugin installation path derivation could be abused by a malicious plugin package.json name to escape the intended extensions directory and write files to a parent directory. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.1.20, = 2026.2.1 - Latest...

OpenClaw has a Path Traversal in Plugin Installation

Summary OpenClaw's plugin installation path derivation could be abused by a malicious plugin package.json name to escape the intended extensions directory and write files to a parent directory. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.1.20, = 2026.2.1 - Latest...

CVE-2025-32467

Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access wh...

aiohttp: AIOHTTP HTTP Request/Response Smuggling

A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTPNOEXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...

📄 PluckCMS 4.7.10 Shell Upload

PluckCMS version 4.7.10 remote shell upload proof of concept exploit. ============================================================================================================================================= | Title : PluckCMS 4.7.10 Unrestricted File Upload RCE | | Author : indoushka | |...