619 matches found
UBUNTU-CVE-2025-3637
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages...
PT-2025-17660 · Drupal · Sportsleague
Name of the Vulnerable Software and Affected Versions: Sportsleague versions . Description: The issue affects the Sportsleague module in Drupal, but specific details about the nature of the issue are not provided in the available information. Recommendations: At the moment, there is no informatio...
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
PT-2025-26 · 1C-Bitrix LLC · Iblock module
A vulnerability in the iblock module of the 1C-Bitrix: Site Management content management system (CMS) is caused by errors in handling a relative directory path. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
CVE-2024-10088
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a login form with a malicious script, which causes the script to run in the user's context. This vulnerability has been patched in version 7...
Drupal TacJS module < 6.7.0 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross Site Scripting (XSS) vulnerability discovered by Pierre Rudloff (prudloff) in WordPress Module TacJS versions 6.7.0...
CVE-2025-28256
An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so...
CVE-2021-37787
The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via an HTTP POST request to the TinyMCE module...
CVE-2025-27822
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people who can masquerade from switching to an account with administrative...
CVE-2024-58050
Vulnerability of improper access permission in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-58050
CVE-2024-58050 describes an improper access permission in Huawei HarmonyOS HDC module that can compromise service confidentiality. According to NVD and related records, the vulnerability has a LOCAL attack vector with LOW privileges required and no user interaction, potentially affecting confiden...
SUSE CVE-2022-49444
In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access. It is trivial to craft a module to trigger OOB access in this line: `if (info->secstrings[strhdr->sh_size - 1] != '\0')` BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...
CVE-2022-49444 module: fix [e_shstrndx].sh_size=0 OOB access
In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access. It is trivial to craft a module to trigger OOB access in this line: `if (info->secstrings[strhdr->sh_size - 1] != '\0')` BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...
CVE-2025-1390
The PAM module pam_cap.so of libcap configuration supports group names starting with “@”. During actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in unintended users being granted an inherited capability set, potentially leading to...
PAM-PKCS#11 code issue vulnerability
PAM-PKCS11 is an OpenSC open source login module. A code issue vulnerability exists in PAM-PKCS11 0.6.12 and earlier versions, which stems from an incorrect handling of a user's canceled PIN entry operation, resulting in a segmentation error that could cause a daemon using PAM to crash...
Azure Linux 3.0 Security Update: ntopng / reaper (CVE-2017-18214)
The version of ntopng / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-18214 advisory. - The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via ...
CVE-2024-57959
Use-After-Free (UAF) vulnerability in the display module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2020-7875
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability which could allow a remote attacker to download and execute a remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution...
CVE-2024-51523
Information management vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
Drupal Matomo Analytics module < 1.24.0 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) vulnerability discovered by Ivo Van Geertruyen in WordPress Module Matomo Analytics versions 1.24.0...