CVE-2019-14081

Buffer Over-read when WLAN module gets a WMI message for SAR limits with invalid number of limits to be enforced in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networki...

CVE-2012-1641

The finderimport function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import...

CVE-2018-18318

The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service NULL pointer dereference and device crash via a crafted 0xc0d8b300 ioctl call...

CVE-2012-5589

The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link...

CVE-2010-4663

Unspecified vulnerability in the News module in CMS Made Simple CMSMS before 1.9.1 has unknown impact and attack vectors...

CVE-2012-4469

Cross-site scripting XSS vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators...

CVE-2015-7231

The Commerce Commonwealth CBA module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."...

PT-2025-22455 · Zohocorp · Manageengine Servicedesk Plus +1

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 Description: The issue concerns an authenticated Local File Inclusion LFI in the Admin module of the software, specifically where help card content is...

CVE-2009-1942

Cross-site scripting XSS vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-1249

Cross-site scripting XSS vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map...

Drupal Quick Node Block module < 2.0.0 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Mitch Portier arkener in WordPress Module Quick Node Block versions 2.0.0...

CVE-2025-37975 riscv: module: Fix out-of-bounds relocation access

In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access The current code allows relj to access one element past the end of the relocation section. Simplify to numrelocations which is equivalent to the existing size expression...

EulerOS Virtualization 2.12.0 : python3 (EulerOS-SA-2025-1572)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There is a MEDIUM severity vulnerability affecting CPython. The socket module provides a pure- Python fallback to the...

Drupal Enterprise MFA - TFA for Drupal 跨站请求伪造漏洞

Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system from the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0 that stems from vulnerability to cross-site request forgery attacks...

CVE-2025-3632 IBM 4769 Developers Toolkit denial of service

IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module HSM due to improper memory allocation of an excessive size...

CVE-2025-46593

Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability...

oath-toolkit: Local root exploit in a PAM module

A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...

IFrame Remove Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-051

This module enables you to add a filter to text formats Full HTML, Filtered HTML, which will remove every iframe where the "src" is not on the allowlist. The module doesn't sufficiently filter these iframes in certain situations. This vulnerability is mitigated by the fact that an attacker must b...

CVE-2025-46585

Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2025-2082

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC...