CVE-2025-45001

CVE-2025-45001 affects react-native-keys 0.7.11. The issue is that encryption cipher data and Base64 chunks are stored as plaintext in the compiled native binary, enabling leakage of secrets through basic static analysis. Documents consistently describe this as a remote information-disclosure vul...

PT-2025-24542 · Unknown · React-Native-Keys

Name of the Vulnerable Software and Affected Versions: react-native-keys version 0.7.11 Description: The issue concerns sensitive information disclosure, where encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basi...

WordPress plugin WP Travel Engine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin AI Mortgage Calculator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.1 release

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

MAL-2025-4612 Malicious code in react-native-google-acm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3987a453bfe3f7164232221b3a1a0f9c3c182a6581cf7a9241f4fbb7e77af649 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Introducing Wiz Service Catalog: Democratize Cloud Security with Application Service Visibility

Empower platform teams and developers to reduce noise, scale ownership, and accelerate remediation across cloud-native apps...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 139, Firefox ESR versions prior to 115.24, and Firefox ESR versions prior to 128.11, which stems from insufficient escaping of line...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 139 and Firefox ESR versions prior to 128.11, which stems from insufficient escaping of the & symbol in the Copy as cURL feature,...

Malicious code in react-native-xaml-repo (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d64cdbdbf3b2ec9cf523f3b4b0b787c947b6c50c2d4d42bf96c13cd906d84c9f Any computer that has this package installed or running should be considered...

MAL-2025-4576 Malicious code in react-native-xaml-repo (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d64cdbdbf3b2ec9cf523f3b4b0b787c947b6c50c2d4d42bf96c13cd906d84c9f Any computer that has this package installed or running should be considered...

CVE-2025-0489

A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlinkdodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...

CVE-2025-0487

A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/catedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2025-0483

A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2025-0491

A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/catdodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVE-2025-0490

A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/articledodel.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has be...

CVE-2025-0488

A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file productlist.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

CVE-2024-45054

Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has verbs of resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...

CVE-2024-21668

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

CVE-2024-24701

Cross-Site Request Forgery CSRF vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...