
56 matches found

CNNVD
added 2026/05/12 12:0 a.m. · 4 views

mem0 security vulnerability

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory reset function. Unauthorized attackers could exploit...

CVSS 9.1 · AI score 5.8 · EPSS 0.00126
Exploits: 0 · References: 2
EUVD
added 2026/05/05 6:31 a.m. · 4 views

EUVD-2026-27213

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2. The function is hooked to the WordPress init action and triggers when both post...

CVSS 6.5 · AI score 5.8 · EPSS 0.00311
Exploits: 0 · References: 7
AstraLinux
added 2026/05/03 11:59 p.m. · 2 views

Astra Linux - vulnerability in qemu

A reentrancy issue was discovered in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750. Just like in that case, when the reentrancy triggers the reset function nvme_ctrl_reset(), data structures will be freed, leading to a use-after-free vulnerability. A malicious...

CVSS 8.2 · AI score 7.4 · EPSS 0.04882
Exploits: 2 · References: 1
OSV
added 2026/05/02 12:0 p.m. · 0 views

RUSTSEC-2026-0132 Potential out-of-bounds write via public `Context` fields

The `Context` struct has all fields public (`pub dlen`, `pub digest`, etc.). Code from other modules within the same crate can directly modify `dlen` to a value exceeding the digest vector length. When `reset` is subsequently called, `self.digest[self.dlen as usize] = 0` becomes an out-of-bounds write. Withdrawa...

AI score 5.8
Exploits: 0 · References: 3
RustSec
added 2026/05/02 12:0 p.m. · 8 views

Potential out-of-bounds write via public `Context` fields

The `Context` struct has all fields public (`pub dlen`, `pub digest`, etc.). Code from other modules within the same crate can directly modify `dlen` to a value exceeding the digest vector length. When `reset` is subsequently called, `self.digest[self.dlen as usize] = 0` becomes an out-of-bounds write. Withdrawa...

AI score 5.8
Exploits: 0
RedhatCVE
added 2026/01/09 9:16 a.m. · 1 views

CVE-2025-13527

The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xsharepluginreset' function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged...

CVSS 4.3 · AI score 5.3 · EPSS 0.00024
Exploits: 0 · References: 1
Positive Technologies
added 2026/01/07 12:0 a.m. · 1 views

PT-2026-1594

Name of the Vulnerable Software and Affected Versions: xShare plugin for WordPress versions up to and including 1.0.1 Description: The xShare plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation within the xshare plugin reset function. An...

CVSS 4.3 · AI score 6 · EPSS 0.00024
Exploits: 0 · References: 5
Positive Technologies
added 2025/12/13 12:0 a.m. · 3 views

PT-2025-51073

The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify cp reset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.5 · AI score 5.1 · EPSS 0.00056
Exploits: 0 · References: 3
EUVD
added 2025/12/12 6:31 a.m. · 1 views

EUVD-2025-202957

The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVSS 4.3 · AI score 4.9 · EPSS 0.00011
Exploits: 0 · References: 4
Positive Technologies
added 2025/12/12 12:0 a.m. · 2 views

PT-2025-50818

The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVSS 4.3 · AI score 5.4 · EPSS 0.00011
Exploits: 0 · References: 4
Tenable Nessus
added 2025/11/05 12:0 a.m. · 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989105)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989105 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: properly cancel timer from taprio_destroy(). There is a comment in qdisc_create()...

CVSS 5.5 · AI score 5.9 · EPSS 0.00028
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-23984

Malware in sbrugna...

CVSS 5.4 · AI score 5.6 · EPSS 0.00206
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-54454

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.08109
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-9370

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 7.2 · EPSS 0.00014
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-39819

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.4 · EPSS 0.00311
Exploits: 0 · References: 3
Positive Technologies
added 2025/10/03 12:0 a.m. · 2 views

PT-2025-40510

Name of the Vulnerable Software and Affected Versions: Optimize More! – CSS plugin for WordPress versions up to and including 1.0.3 Description: The software is susceptible to a Cross-Site Request Forgery issue. This is caused by a lack of, or incorrect, nonce validation within the reset plugin...

CVSS 4.3 · AI score 6.2 · EPSS 0.00013
Exploits: 0 · References: 4
RedHat Linux
added 2025/09/08 12:6 p.m. · 4 views

kernel: net/sched: Always pass notifications when child class becomes empty

A use-after-free (UAF) vulnerability was found in the Linux kernel's net/sched subsystem, specifically in the Credit-Based Shaper (CBS) qdisc implementation (sch_cbs). The vulnerability occurs because the CBS qdisc's reset function (qdisc_reset_queue) only resets its internal queue but fails to reset its...

CVSS 7.8 · AI score 7.2 · EPSS 0.00078
Exploits: 0 · References: 5
NVD
added 2025/06/09 5:15 p.m. · 5 views

CVE-2024-46452

A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL...

CVSS 6.1 · EPSS 0.00166
Exploits: 0 · References: 3
Vulnrichment
added 2025/06/09 12:0 a.m. · 2 views

CVE-2024-46452

A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL...

AI score 7.3 · EPSS 0.00166
Exploits: 0 · References: 3
Positive Technologies
added 2025/06/09 12:0 a.m. · 2 views

PT-2025-24540 · Unknown · Vigybag Open Source Online Shop

Name of the Vulnerable Software and Affected Versions: VigyBag Open Source Online Shop affected versions not specified Description: A Host Header injection issue in the password reset function allows attackers to redirect victim users to a malicious site via a crafted URL. Recommendations: At the...

CVSS 6.1 · AI score 6.3 · EPSS 0.00166
Exploits: 0 · References: 7