8815 matches found
WordPress plugin Lasa security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
WordPress plugin Hara security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin CozyStay security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Aora security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in WordPress Aora plugin, which stems from improper control of filenames for include or require statements, and can be exploited by an...
WordPress plugin Sapa security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Fana security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin WPGYM security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Steel Browser security vulnerability
Steel Browser is an open source browser API for an artificial intelligence agent open-sourced by Steel. A security vulnerability exists in Steel Browser version 0.1.3 and earlier, which stems from path traversal due to the filename parameter operation in the api/src/modules/files/files.routes.ts...
Various ABB products predict filename vulnerability
ABB ASPECT and others are products of ABB Switzerland. ABB ASPECT is a scalable building energy management and control solution. ABB MATRIX is an embedded building automation network controller. ABB NEXUS is a wireless and wired solution. Various ABB products have a predicted filename vulnerability...
Astra Linux – Vulnerability in Subversion
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, resulting in disruptions for users of the repository. All versions of Subversion, including Subversi...
Astra Linux – Vulnerability in libarchive
A vulnerability has been identified in the libarchive library. This flaw involves an “off-by-one” calculation error when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. Although seemingly minor, such an overflow can corrupt adjacent memory, resulting in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The issue of unexpectedly changing the path in ksmbd_vfs_kern_path_locked has been fixed. When ksmbd_vfs_kern_path_locked encounters an error, and it isn’t the last entry, it will exit without restoring the changed path buffer...
CVE-2025-46060
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866B2022506 allows a remote attacker to execute arbitrary code via the UPLOADFILENAME component...
Security update for valkey
This update for valkey fixes the following issues: CVE-2025-27151: Absence of filename size check may cause a stack overflow bsc1243804 CVE-2025-49112: setDeferredReply integer underflow bsc1243913 CVE-2025-21605: Output buffer denial of service bsc1241708 Patch Instructions: To install this SUSE...
TOTOLINK N600R security vulnerability
The TOTOLINK N600R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK N600R version V4.3.0cu.7866B2022506, which stems from the UPLOADFILENAME component failing to correctly validate the length of the input data, and can be...
WordPress WP Event Manager Improper Filename Control Vulnerability
WordPress WP Event Manager is an event management plugin designed specifically for WordPress that allows users to create, manage and promote various types of events including conferences, seminars, exhibitions, parties and more. An improper filename control vulnerability exists in WordPress WP Event...
WordPress Essential Real Estate Improper Filename Control Vulnerability
WordPress Essential Real Estate is a WordPress plugin for creating and managing real estate websites. WordPress Essential Real Estate suffers from an improper filename control vulnerability. An attacker can exploit this vulnerability to construct malicious requests that result in PHP native file inclusi...
UBUNTU-CVE-2025-41234
In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...
VMware Spring Framework security vulnerability
VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework versions 6.0.5 through 6.2.7, which stems from unsanitized user input in...
Amazon Linux 2 : perl-File-Find-Rule (ALAS-2025-2891)
The version of perl-File-Find-Rule installed on the remote host is prior to 0.33-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2891 advisory. File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename...