562 matches found
TinyWebGallery Code Issue Vulnerability
TinyWebGallery is an open-source PHP photo album system from the TinyWebGallery project. A code issue vulnerability exists in TinyWebGallery version 2.5, which stems from improper upload functionality by the administrator and could lead to remote code execution...
CVE-2025-64243 WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Directory Pro: from n/a through <= 2.5.6...
Remote Code Execution
Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...
WordPress plugin All-in-One Addons for Elementor – WidgetKit Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-40829
A vulnerability has been identified in Simcenter Femap All versions V2512. The affected applications contain an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-27146...
EUVD-2025-203002
The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtoollogingoogle function. This makes it...
Persistent Backdoor Attacks under Continual Fine-Tuning of LLMs
Backdoor attacks embed malicious behaviors into Large Language Models (LLMs), enabling adversaries to trigger harmful outputs or bypass safety controls. However, the persistence of the implanted backdoors under user-driven post-deployment continual fine-tuning has been rarely examined. Most prior...
Jenkins has a Denial of service vulnerability in HTTP-based CLI
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service...
CVE-2025-67471
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery. This issue affects Quick Contact Form: from n/a through <= 8.2.5...
EUVD-2025-202133
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery. This issue affects Quick Contact Form: from n/a through <= 8.2.5...
CVE-2025-62866
Cross-Site Request Forgery (CSRF) vulnerability in Valerio Monti Auto Alt Text auto-alt-text allows Cross Site Request Forgery. This issue affects Auto Alt Text: from n/a through <= 2.5.2...
DEBIAN-CVE-2022-50673
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught an issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read of size 8 at addr...
CVE-2025-63025
creationtimestamp | type | source
---|---|---
2025-12-09 15:39:47+00:00 | seen | https://gist.github.com/Darkcrai86/bbc8d4387a9b7424bc26ba53b8e9678d...
CVE-2025-67471 WordPress Quick Contact Form plugin <= 8.2.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery. This issue affects Quick Contact Form: from n/a through <= 8.2.5...
PT-2025-49887
Name of the Vulnerable Software and Affected Versions: Saad Iqbal Quick Contact Form versions through 8.2.5. Description: A Cross-Site Request Forgery (CSRF) issue exists in Quick Contact Form. This allows attackers to perform actions on behalf of an authenticated user without their knowledge...
Unity Linux 20.1070e Security Update: gnupg2 (UTSA-2025-991107)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991107 advisory. In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the...
CVE-2025-13678 Thai Lottery Widget <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...
CVE-2025-14011 JIZHICMS Add Display Name Field addcomment.html commentlist SQL injection
A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in SQL injection. The attack can be initiated remotely...
PT-2025-49106
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
Fedora 43 : glib2 (2025-bab973d0b9)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-bab973d0b9 advisory. Update to 2.86.2. Fix CVE-2025-13601 or YWH-PGM9867-134. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...