Lucene search

1148 matches found

Patchstack
added 2025/04/01 7:36 a.m., 3 views

WordPress The Logo Slider plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Abdi Pranata in WordPress Plugin The Logo Slider versions <= 1.0.0...

7.1 CVSS, 6.9 AI score, 0.00274 EPSS
Exploits: 0, Affected Software: 1
Microsoft CVE
added 2025/03/31 7:00 a.m., 4 views

quic-go affected by an ICMP Packet Too Large Injection Attack on Linux

...

6.5 CVSS, 7.6 AI score, 0.00596 EPSS
Exploits: 0
CNVD
added 2025/03/27 12:00 a.m., 2 views

Art Gallery Management System admin-profile.php File SQL Injection Vulnerability

Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter contactnumber of /admin/admin-profile.php. An attacker can...

9.8 CVSS, 8.3 AI score, 0.00481 EPSS
Exploits: 1, References: 1
CNNVD
added 2025/03/27 12:00 a.m., 3 views

tushuguanlixitong security vulnerability

tushuguanlixitong is a book management system by Mingyuefusu (明月复苏), an individual developer in China. A security vulnerability exists in tushuguanlixitong, which stems from an incorrect manipulation of the parameter condition that can lead to SQL injection...

9.8 CVSS, 6.8 AI score, 0.00372 EPSS
Exploits: 1, References: 4
NVD
added 2025/03/25 6:15 a.m., 5 views

CVE-2024-12109

The Product Labels For Woocommerce Sale Badges WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

4.1 CVSS, 0.00294 EPSS
Exploits: 1, References: 1
Cvelist
added 2025/03/25 6:00 a.m., 15 views

CVE-2025-2738 PHPGurukul Old Age Home Management System manage-scdetails.php sql injection

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/manage-scdetails.php. The manipulation of the argument namesc leads to sql injection. The attack can be initiated remotely. The...

7.5 CVSS, 0.00414 EPSS
Exploits: 0, References: 5
CNNVD
added 2025/03/25 12:00 a.m., 2 views

WordPress plugin WP-Recall security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

4.7 CVSS, 7.7 AI score, 0.00279 EPSS
Exploits: 1, References: 3
RedhatCVE
added 2025/03/24 5:23 a.m., 14 views

CVE-2025-0723

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and including, 5.9.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5 CVSS, 6.8 AI score, 0.00351 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/03/22 1:11 p.m., 5 views

CVE-2024-12580

A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...

5.3 CVSS, 7.6 AI score, 0.00458 EPSS
Exploits: 1, References: 1
OSV
added 2025/03/20 12:32 p.m., 1 view

GHSA-JMGM-GX32-VP4W LlamaIndex vulnerable to Creation of Temporary File in Directory with Insecure Permissions

A vulnerability in the defaultjsonalyzer function of the JSONalyzeQueryEngine in the run-llama/llamaindex repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed...

7.1 CVSS, 6 AI score, 0.00478 EPSS
Exploits: 1, References: 4
NVD
added 2025/03/14 6:15 p.m., 8 views

CVE-2025-29779

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the secureredundantexecution function in feldmanvss.py attempts to mitigate fault injection attacks by executing a function...

5.4 CVSS, 0.00178 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/03/12 4:43 a.m., 6 views

CVE-2025-24912

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail...

3.7 CVSS, 4.3 AI score, 0.00716 EPSS
Exploits: 0, References: 4
BDU FSTEC
added 2025/03/12 12:00 a.m., 3 views

The vulnerability of the MFlash secure data exchange platform lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the MFlash secure messaging platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the administration panel by injecting specially crafted HTML code...

9.1 CVSS, 6 AI score
Exploits: 0, Affected Software: 1
CVE
added 2025/03/07 4:38 p.m., 77 views

CVE-2025-0162

CVE-2025-0162 affects IBM Aspera Shares 1.9.9–1.10.0 PL7. The issue is an XML External Entity (XXE) injection in XML processing, enabling a remote authenticated attacker to disclose sensitive data or cause memory/resource exhaustion. Root cause: improper handling of external entities in XML. Docu...

7.1 CVSS, 6.6 AI score, 0.00465 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2025/03/07 3:51 p.m., 1175 views

CVE-2025-27597

CVE-2025-27597 affects Vue I18n: the vulnerable components are @intlify/message-resolver and @intlify/vue-i18n-core. The handleFlatJson entry point allows prototype pollution via payloads that modify Object.prototype, enabling DoS and potentially enabling remote code execution if polluted propert...

9.3 CVSS, 8.2 AI score, 0.00557 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/03/06 6:46 p.m., 7 views

CVE-2025-25294 Envoy Gateway Log Injection Vulnerability

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...

5.3 CVSS, 7.2 AI score, 0.00264 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/03/05 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-1597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no...

10 CVSS, 7.7 AI score, 0.0481 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2025/03/05 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2022-0391

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue...

7.5 CVSS, 6.9 AI score, 0.08325 EPSS
Exploits: 1, References: 3
OSV
added 2025/03/04 9:15 p.m., 3 views

CVE-2025-26136

A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1...

9.8 CVSS, 5.8 AI score, 0.00366 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/03/04 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2017-1000116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. CVE-2017-1000116 Note that Nessus reli...

10 CVSS, 6.9 AI score, 0.05734 EPSS
Exploits: 1, References: 2