
6680 matches found

Fedora
added 2025/01/03 1:37 a.m. | 8 views

[SECURITY] Fedora 40 Update: libell-0.71-1.fc40

The Embedded Linux Library ELL provides core, low-level functionality for system daemons. It typically has no dependencies other than the Linux kernel, C standard library, and libdl for dynamic linking. While ELL is designed to be efficient and compact enough for use on embedded Linux platforms, ...

CVSS 7.4 | AI score 7.5 | EPSS 0.00716
Exploits: 0
Cvelist
added 2025/01/02 2:15 p.m. | 33 views

CVE-2023-48739 WordPress Porto Theme Functionality plugin < 2.12.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Porto Theme Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Porto Theme - Functionality: from n/a through 2.12.1...

CVSS 5.3 | EPSS 0.00367
Exploits: 0 | References: 1
CNNVD
added 2025/01/02 12:0 a.m. | 4 views

WordPress plugin Porto Theme - Functionality security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability i...

CVSS 5.3 | AI score 8.8 | EPSS 0.00367
Exploits: 0 | References: 1
Positive Technologies
added 2025/01/02 12:0 a.m. | 2 views

PT-2025-3188 · Unknown · Html Forms

Name of the Vulnerable Software and Affected Versions: HTML Forms versions n/a through 1.4.1 Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This means that an attacker can inject malicious code into the HTML Forms,...

CVSS 7.1 | AI score 9.3 | EPSS 0.0025
Exploits: 0 | References: 7
Positive Technologies
added 2025/01/02 12:0 a.m. | 4 views

PT-2025-1549 · Unknown · Porto Theme - Functionality

Name of the Vulnerable Software and Affected Versions: Porto Theme - Functionality versions prior to 2.12.1 Description: The issue is related to a missing authorization vulnerability in Porto Theme - Functionality, which allows exploiting incorrectly configured access control security levels...

CVSS 5.3 | AI score 9.5 | EPSS 0.00367
Exploits: 0 | References: 5
Positive Technologies
added 2025/01/01 12:0 a.m. | 3 views

PT-2025-34630 · Libbiosig +1 · Libbiosig +1

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch 35a819fa Description: A heap-based buffer overflow exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious fi...

CVSS 9.8 | AI score 7.2 | EPSS 0.00689
Exploits: 1 | References: 9
NVD
added 2024/12/31 11:15 a.m. | 13 views

CVE-2024-56225

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Premium Addons for Elementor: from n/a through = 4.10.56...

CVSS 8.8 | EPSS 0.00295
Exploits: 0 | References: 1
Cvelist
added 2024/12/30 4:0 a.m. | 18 views

CVE-2024-13038 CodeAstro Simple Loan Management System Login index.php sql injection

A vulnerability was found in CodeAstro Simple Loan Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection. The attack can be...

CVSS 7.5 | EPSS 0.00744
Exploits: 1 | References: 5
OSV
added 2024/12/30 2:15 a.m. | 1 views

CVE-2024-13033

A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The...

CVSS 6.1 | AI score 3.8
Exploits: 0 | References: 4
CVE
added 2024/12/29 9:31 a.m. | 51 views

CVE-2024-13008

CVE-2024-13008 affects code-projects’ Responsive Hotel Site version 1.0, specifically the function/file /admin/newsletter.php. The vulnerability arises from improper input validation of the eid parameter, enabling a SQL injection. Attacks can be launched remotely, and the exploit has been disclo...

CVSS 9.8 | AI score 6.8 | EPSS 0.00659
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2024/12/27 1:50 p.m. | 4 views

CVE-2024-53228 riscv: kvm: Fix out-of-bounds array access

In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: Fix out-of-bounds array access. In kvm_riscv_vcpu_sbi_init() the entry->ext_idx can contain an out-of-bound index. This is used as a special marker for the base extensions, that cannot be disabled. However, when traversing the...

CVSS 7.8 | AI score 6.9 | EPSS 0.00234
Exploits: 0 | References: 6
Vulnrichment
added 2024/12/27 12:0 a.m. | 12 views

CVE-2024-50944

Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method...

AI score 9.6 | EPSS 0.00965
Exploits: 0 | References: 4
Hacker One
added 2024/12/26 3:48 p.m. | 3 views

Cosmos: Making transfer v2 channel unupgradable through the forwarding

The transfer v2 channel can become unupgradable through the forwarding functionality. The forwarding process can create packet commitments on a legitimate channel, which cannot be deleted due to the lack of acknowledgments from a malicious channel. This results in the legitimate channel being...

AI score 7
Exploits: 0
OSV
added 2024/12/26 3:15 a.m. | 1 views

CVE-2024-12932

A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file addSizeController.php. The manipulation of the argument size leads to cross site scripting. The attack can be launched...

CVSS 4.6 | AI score 3.7 | EPSS 0.00383
Exploits: 0 | References: 5
Positive Technologies
added 2024/12/26 12:0 a.m. | 7 views

PT-2024-17825 · Unknown · 1000 Projects Portfolio Management System Mca

Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical issue has been found in the 1000 Projects Portfolio Management System MCA, affecting some unknown functionality of the file /update pd process.php. The...

CVSS 9.8 | AI score 7.3 | EPSS 0.00686
Exploits: 1 | References: 10
Tenable Nessus
added 2024/12/24 12:0 a.m. | 4 views

Dell Integrated Remote Access Controller (iDRAC) Hardware Detection

Binary data dellidracdevicedetect.nbin...

AI score 7.3
Exploits: 0 | References: 1
NVD
added 2024/12/21 1:15 p.m. | 15 views

CVE-2024-12883

A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The...

CVSS 6.9 | EPSS 0.00784
Exploits: 1 | References: 5
GithubExploit
added 2024/12/21 1:53 a.m. | 169 views

Exploit for Path Traversal in Ghost

CVE-2023-4002 Ghost-Arbitrary-File-Read : The username/email...

CVSS 6.5 | AI score 6.5 | EPSS 0.57837
Exploits: 12
OSV
added 2024/12/20 10:15 p.m. | 12 views

CVE-2024-12845

A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has...

CVSS 6.1 | AI score 6.2
Exploits: 0 | References: 4
NVD
added 2024/12/20 9:15 p.m. | 26 views

CVE-2024-56335

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...

CVSS 7.6 | EPSS 0.00327
Exploits: 0 | References: 1