42 matches found
PT-2026-29614
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the...
WordPress UserPlus plugin <= 2.0 - Missing Authorization via Multiple Functions vulnerability
Missing Authorization via Multiple Functions vulnerability discovered by István Márton - Wordfence in WordPress Plugin UserPlus versions <= 2.0...
CVE-2025-32328
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
EUVD-2004-2420
Malware in sbrugna...
Google Android elevation of privilege vulnerability (CNVD-2025-26885)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a lack of privilege checking in multiple functions. The vulnerability can be exploited by an attacker to cause privilege escalation...
PT-2025-36078
Name of the Vulnerable Software and Affected Versions: AppOpsService.java affected versions not specified Description: The software contains a flaw in multiple functions of AppOpsService.java due to improper input validation. This can allow an attacker to add a large amount of app ops, potentiall...
ASB-A-365739560
In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
LLMxCPG: Context-Aware Vulnerability Detection through Code Property Graph-Guided Large Language Models
Software vulnerabilities present a persistent security challenge, with over 25,000 new vulnerabilities reported in the Common Vulnerabilities and Exposures (CVE) database in 2024 alone. While deep learning-based approaches show promise for vulnerability detection, recent studies reveal critical...
WordPress WP Compress plugin <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions vulnerability
Authenticated (Subscriber+) Missing Authorization via Multiple Functions vulnerability discovered by mikemyers in WordPress Plugin WP Compress versions <= 6.30.15...
WordPress FoodBakery plugin <= 4.7 - Cross-Site Request Forgery in Multiple Functions vulnerability
Cross-Site Request Forgery in Multiple Functions vulnerability discovered by Lucio Sá in WordPress Plugin FoodBakery versions <= 4.7...
WordPress FoodBakery plugin <= 4.7 - Missing Authorization in Multiple Functions vulnerability
Missing Authorization in Multiple Functions vulnerability discovered by Lucio Sá in WordPress Plugin FoodBakery versions <= 4.7...
CVE-2024-12138
A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function requestnew/getemployeeshift/createreimbursement/keyresultcurrentvalueupdate/createmeetings/createskills. The manipulation leads to deserialization. The attack can be initiated remotely...
WordPress Rover IDX plugin <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions vulnerability
Authenticated (Subscriber+) Missing Authorization via Multiple Functions vulnerability discovered by István Márton in WordPress Plugin Rover IDX versions <= 3.0.0.2903...
DEBIAN-CVE-2024-49982
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places. For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It...
WordPress WP Easy Post Types plugin <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions vulnerability
Authenticated (Subscriber+) Missing Authorization via Multiple Functions vulnerability discovered by István Márton in WordPress Plugin Easy Post Types versions <= 1.4.4...
PT-2024-38074 · Netease Youdao · Qanything
Name of the Vulnerable Software and Affected Versions: netease-youdao/qanything version 1.4.1 Description: The issue concerns a SQL injection vulnerability where unsafe data obtained from user input is concatenated in SQL queries. This affects functions including get knowledge base name, from...
CVE-2024-8319
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tforderstatusemailresendfunction, tfvisitordetailseditfunction, tfcheckinoutdetailseditfunction,...
WordPress Social Auto Poster plugin <= 5.3.14 - Missing Authorization via Multiple Functions vulnerability
Missing Authorization via Multiple Functions vulnerability discovered by István Márton in WordPress Plugin Social Auto Poster versions <= 5.3.14...
node-images Security Vulnerabilities
node-images is a lightweight cross-platform image codec library for Node.js by the individual developer zhangyuanwei. A security vulnerability exists in node-images that stems from providing unexpected input types to multiple different functions, making it susceptible to Denial of Service (DoS)...
CVE-2024-31327
In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...