6426 matches found
WordPress plugin WP Directory Kit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
PT-2025-48238
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order by' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
Security update for dpdk
This update for dpdk fixes the following issues: Update to version 22.11.10 CVE-2025-23259: Fixed an out-of-order completions in ordinary Rx burst. bsc1254161 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Ubuntu EDK2 安全漏洞
Ubuntu EDK2 is an open source firmware development kit for Ubuntu. A security vulnerability exists in Ubuntu edk2 that stems from the Secure Boot environment that allows access to the UEFI Shell, which could lead to Secure Boot constraints being bypassed...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-198751
Malicious code in redux-router-kit npm...
Malicious code in redux-router-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3336c78dffab3cf95e60180dad5e67109d7de3e5dbfc888d10874c466a4088c The package redux-router-kit was found to contain malicious code. Source: ghsa-malware 6714063bc703d6750a4f6a6eedaa083372d15b7b9fa6eef3c58492ac74792b...
MAL-2025-190780 Malicious code in redux-router-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3336c78dffab3cf95e60180dad5e67109d7de3e5dbfc888d10874c466a4088c The package redux-router-kit was found to contain malicious code. Source: ghsa-malware 6714063bc703d6750a4f6a6eedaa083372d15b7b9fa6eef3c58492ac74792b...
CVE-2025-56400
CVE-2025-56400 describes a CSRF-type flaw in the OAuth flow of the Tuya SDK 6.5.0 for Android/iOS, affecting Tuya Smart and Smartlife apps and third‑party apps that integrate the SDK. The root cause is failure to validate the OAuth state parameter during account linking, allowing an attacker to t...
CVE-2025-13138
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
[SECURITY] Fedora 43 Update: dotnet10.0-10.0.100-1.fc43
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
[SECURITY] Fedora 42 Update: dotnet10.0-10.0.100-1.fc42
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
[SECURITY] Fedora 41 Update: dotnet10.0-10.0.100-1.fc41
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
WordPress WP Directory Kit plugin <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function vulnerability
Unauthenticated SQL Injection via select2ajax Function vulnerability discovered by tmrswrr in WordPress Plugin WP Directory Kit versions = 1.4.3...
CVE-2025-66067 WordPress Funnel Builder by FunnelKit plugin <= 3.13.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.13.1.2...
CVE-2025-13138
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
EUVD-2025-198434
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-13138 WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-13138 WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-13138
The WP Directory Kit WordPress plugin is affected by an unauthenticated SQL injection in all versions up to 1.4.3, via the columns_search parameter of the select_2_ajax() function. The flaw stems from insufficient escaping of the user input and inadequate preparation of the existing SQL query, en...