6426 matches found
EUVD-2025-198372
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network...
WordPress plugin WP Directory Kit SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injectio...
PT-2025-47716
Name of the Vulnerable Software and Affected Versions: WP Directory Kit versions prior to 1.4.4. Description: The WP Directory Kit plugin for WordPress is susceptible to SQL Injection through the columns search parameter of the select 2 ajax function. Insufficient input sanitization and inadequate S...
CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability
...
Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network...
WordPress Grid KIT Portfolio plugin <= 2.2.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Grid KIT Portfolio versions <= 2.2.1...
TencentOS Server 4: dpdk (TSSA-2025:0071)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0071 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-12878
The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wfopphone shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the user-supplied default...
Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount...
CVE-2025-4321
The CVE-2025-4321 entry concerns Silabs RS9116W-WiSeConnect SDK used in Bluetooth devices. Affected component: the RS9116-WiseConnect SDK handling L2CAP; root cause is processing malformed L2CAP packets, leading to a Denial of Service. Impact as stated: device remains non-operational until a hard...
Moderate: Red Hat Security Advisory: java-25-openjdk security update
An update for java-25-openjdk is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
OESA-2025-2693 spdk security update
The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit (SPDK) 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...
OESA-2025-2692 spdk security update
The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit (SPDK) 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...
Google Sues to Disrupt Chinese SMS Phishing Triad
Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and...
Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2020-29361)
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. This plugin only works with Tenable.ot. Plea...
Malicious code in unise-kit-bog (npm)
Source: amazon-inspector 998557e88f30e429d750c6479e121f91f9d19ba418100ea549609e8187f927ba. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tunis-kit-bogai (npm)
Source: amazon-inspector bbfc9da885c525dd8219ad6b16c3b0932ac1231e343c6a06a0f55dc13ab8b444. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in unise-kit-bogavfi (npm)
Source: amazon-inspector 4540878abcde8a4b80055452ef5f0dc8932906cf9ca5d4261b0a84d4841b49a8. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in unise-kit-bogi (npm)
Source: amazon-inspector 8c64805fe2b37966b2797bfdde96f85332ed5ccc73aaeb1589e2d993ce821852. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in unise-kit-bograipda (npm)
Source: amazon-inspector 5739dbf6f09424dae39af8e4922e2b853a58bc797688e506911932220a3af97f. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...