30 matches found

CVE
added 3 days ago | 18 views

CVE-2025-22424

CVE-2025-22424 is described across multiple sources as an Android vulnerability arising from improper input validation that can cause images to be revealed across users, enabling local privilege escalation with no extra execution privileges. The NVD entry assigns a CVSS v3.1 base score of 7.8 (Hi...

CVSS 7.8 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/04/23 12:0 a.m. | 4 views

PT-2026-34653

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...

CVSS 8.7 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/15 4:3 p.m. | 1 view

CVE-2026-20081 Cisco Unity Connection Arbitrary File Download Vulnerability

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

CVSS 6.5 | AI score 6 | EPSS 0.00044
Exploits: 0 | References: 1

OSV
added 2026/04/14 5:28 p.m. | 1 view

SUSE-SU-2026:1335-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: - CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap bsc1260922. - CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom bsc1260923. - CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence bsc1260924. - CVE-2026-34002: XKB...

CVSS 9.1 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 11

CNNVD
added 2026/03/23 12:0 a.m. | 3 views

TP-Link multiple products security vulnerability

TP-LINK Archer is a series of routers produced by TP-LINK Corporation. Several TP-Link products have security vulnerabilities. These vulnerabilities stem from improper handling of Modem Management CLI command inputs. This could allow authenticated attackers with administrative privileges to execu...

CVSS 8.5 | AI score 7.7 | EPSS 0.00087
Exploits: 0 | References: 5

CNNVD
added 2026/02/20 12:0 a.m. | 3 views

WordPress plugin iSape security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.1 | AI score 5.7 | EPSS 0.00045
Exploits: 0 | References: 1

CNNVD
added 2026/02/10 12:0 a.m. | 2 views

AMD multiple products security vulnerability

AMD EPYC and other products are developed by American semiconductor company AMD. AMD EPYC is a high-performance server processor. Amd Epyc™ Embedded Processors are embedded processors. AMD EPYC Processors are a series of multi-core processors. Several AMD products have security vulnerabilities;...

CVSS 5.9 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 2

CNNVD
added 2026/02/03 12:0 a.m. | 2 views

MediaWiki security vulnerability

MediaWiki is a free and open-source wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. Versions of MediaWiki prior to 1.39.14, 1.43.4, and 1.44.1 contain security vulnerabilities...

CVSS 4.8 | AI score 5.6 | EPSS 0.00006
Exploits: 0 | References: 1

CNNVD
added 2026/02/03 12:0 a.m. | 2 views

MediaWiki security vulnerability

MediaWiki is a free and open-source wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. Versions of MediaWiki prior to 1.39.14, 1.43.4, and 1.44.1 contain security vulnerabilities...

CVSS 6.1 | AI score 5.6 | EPSS 0.00006
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/30 12:0 a.m. | 3 views

PT-2026-5390

Name of the Vulnerable Software and Affected Versions: Hikvision Wireless Access Points (affected versions not specified). Description: Hikvision Wireless Access Points are susceptible to authenticated command execution because of inadequate input validation. An attacker possessing valid credentials c...

CVSS 7.2 | AI score 6 | EPSS 0.00021
Exploits: 1 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-27259

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 8.8 | EPSS 0.00102
Exploits: 0 | References: 2

NVD
added 2025/09/26 3:16 p.m. | 1 view

CVE-2025-6396

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Webbeyaz Website Design Website Software allows Cross-Site Scripting XSS. This issue affects Website Software: through 2025.07.14...

CVSS 6.1 | EPSS 0.00027
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/11 9:30 p.m. | 8 views

CVE-2025-54084

OS Command 'OS Command Injection' vulnerability in Calix GigaCenter ONT Quantenna SoC modules allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise. This issue affects GigaCente...

CVSS 8.5 | AI score 7.7 | EPSS 0.00269
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/06 6:25 p.m. | 4 views

CVE-2025-53484

User-controlled inputs are improperly escaped in: VotePage.php (poll option input); ResultPage::getPagesTab and getErrorsTab (user-controllable page names). This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll...

CVSS 9.8 | AI score 6.4 | EPSS 0.00356
Exploits: 0 | References: 1

CVE
added 2025/05/23 12:43 p.m. | 41 views

CVE-2025-48245

The CVE-2025-48245 entry concerns WordPress plugin Quick Contact Form, affected up to version 8.2.1. The underlying issue is improper neutralization of input during web page generation, i.e., a reflected XSS vulnerability. Reported score CVSSv3.1 base 7.1 (HIGH) with network attack vector, low pr...

CVSS 7.1 | AI score 5.9 | EPSS 0.00185
Exploits: 0 | References: 1

CNNVD
added 2025/04/16 12:0 a.m. | 2 views

WordPress plugin Responsive Blocks cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site scripting...

CVSS 6.5 | AI score 6.7 | EPSS 0.00214
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/06 2:19 p.m. | 12 views

CVE-2025-31389

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Introvoke Inc. dba Sequel.io Sequel sequel allows Reflected XSS. This issue affects Sequel: from n/a through = 1.0.11...

CVSS 7.1 | AI score 7.2 | EPSS 0.00405
Exploits: 0 | References: 1

Positive Technologies
added 2024/12/12 12:0 a.m. | 1 view

PT-2024-17512 · WordPress · Wp Service Payment Form With Authorize.Net

Name of the Vulnerable Software and Affected Versions: WP Service Payment Form With Authorize.net plugin for WordPress versions prior to 2.6.3 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scrip...

CVSS 6.1 | AI score 7.5 | EPSS 0.02088
Exploits: 0 | References: 5

OSV
added 2024/01/03 2:15 a.m. | 0 views

CVE-2023-41780

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges...

CVSS 7.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1

OSV
added 2023/10/04 11:0 a.m. | 0 views

USN-6401-1 freerdp2 vulnerabilities

It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2023-39350, CVE-2023-39351, CVE-2023-39353, CVE-2023-39354,...

CVSS 9.8 | AI score 6.9 | EPSS 0.00378
Exploits: 10 | References: 11