CVE-2022-1020

The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...

CVE-2020-14485

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries...

ASUS AiCloud Improper Authentication Control Vulnerability

AiCloud is a cloud service from ASUS, designed to provide easy access to the data inside the router's back-up devices such as USBs or PCs, as well as uploading, downloading, playing music online, browsing documents online, sharing links to Facebook, and setting up Smart Sync to synchronize with t...

CVE-2025-26619 Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpeter`

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be...

LiteLLM Vulnerable to Remote Code Execution (RCE)

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'postcallrules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...

Huawei HarmonyOS and EMUI emcom module out-of-bounds write vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. An out-of-bounds write vulnerability exists in the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the vlSelectionTuples function, allowing the usage of Function with arbitrary JavaScript code. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the vlSelectionTuples function, allowing the usage of Function with arbitrary JavaScript code. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. An out-of-bounds write vulnerability exists in the...

CVE-2024-45850

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

CVE-2025-23058

A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged read-only authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges...

Next.js Allows a Denial of Service (DoS) with Server Actions

Impact A Denial of Service DoS attack allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution. Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low...

CVE-2024-56332 Next.js Vulnerable to Denial of Service (DoS) with Server Actions

Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service DoS attack that allows attackers to construct requests that leaves requests to Server Actions hanging...

WordPress plugin Notibar 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin The Coupon Affiliates 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin Simple Link Directory 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin The ARMember 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin The Uix Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin The Uix...

Huawei EMUI和Huawei HarmonyOS 安全漏洞

Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei Huawei.Huawei EMUI is a mobile operating system based on Android development.Huawei HarmonyOS is an operating system. Provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI and Huaw...

Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability

Contributor+ Arbitrary Function Execution vulnerability discovered by Security audit in WordPress Plugin Advanced Custom Fields PRO versions 6.2.10...