
562 matches found

CNNVD
added 2025/07/16 12:0 a.m., 2 views

emlog security vulnerability

emlog is an open-source CMS website builder based on PHP and MySQL. A security vulnerability exists in emlog pro-2.5.17 and earlier versions, which stems from insufficient sanitization of the keyword parameter and could allow a remote attacker to inject arbitrary web scripts...

CVSS 8.2, AI score 6.7, EPSS 0.0035
Exploits: 1, References: 1
Patchstack
added 2025/07/11 2:44 p.m., 4 views

WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Houzez versions <= 4.2.5...

CVSS 6.3, AI score 7, EPSS 0.00382
Exploits: 0, Affected Software: 1
NVD
added 2025/06/18 11:15 a.m., 11 views

CVE-2022-50104

In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio. of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak...

CVSS 5.5, EPSS 0.00156
Exploits: 0, References: 8
NVD
added 2025/06/18 11:15 a.m., 4 views

CVE-2022-50084

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status. There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsiraid...

CVSS 7.1, EPSS 0.00164
Exploits: 0, References: 9
CVE
added 2025/06/18 11:3 a.m., 79 views

CVE-2022-50191

CVE-2022-50191 affects the Linux kernel regulator subsystem (of:), describing a refcount leak in the handling of of_get_regulation_constraints(). The remedy is a fixed lifecycle management: call of_node_put() on the reference returned by of_get_child_by_name() which had its refcount increased. Co...

CVSS 5.5, AI score 6.5, EPSS 0.00205
Exploits: 0, References: 8, Affected Software: 1
CVE
added 2025/06/18 11:2 a.m., 85 views

CVE-2022-50135

Summary (CVE-2022-50135): In the Linux kernel, the RDMA/rxe path contains a bug where, during error handling in rxe_qp_from_init, the qp’s rcq and scq are set to NULL, but later in rxe_qp_do_cleanup they are dereferenced (qp->scq->num_wq and qp->rcq->num_wq). This results in a null-pt...

CVSS 5.5, AI score 6.5, EPSS 0.00175
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2025/06/18 11:2 a.m., 71 views

CVE-2022-50097

CVE-2022-50097 affects the Linux kernel’s video fbdev s3fb driver. The bug arises in s3fb_set_par() where the code computes screen_size from user input and can exceed info->screen_size, leading to a kernel PAGE_FAULT on write (local access) during memset_io. The issue is mitigated by the docum...

CVSS 7.8, AI score 6.4, EPSS 0.00166
Exploits: 0, References: 8, Affected Software: 1
Patchstack
added 2025/06/04 11:8 a.m., 3 views

WordPress Soho Hotel theme <= 4.2.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Bonds in WordPress Theme Soho Hotel versions <= 4.2.5...

CVSS 7.1, AI score 6.2, EPSS 0.00235
Exploits: 0, Affected Software: 1
OSV
added 2025/06/03 2:15 p.m., 6 views

CVE-2025-46154

Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php...

CVSS 8.4, AI score 5.8, EPSS 0.00196
Exploits: 0, References: 1
CNNVD
added 2025/06/03 12:0 a.m., 4 views

Deno data forgery vulnerability

Deno is a simple, modern and secure open-source JavaScript and TypeScript runtime environment. A data forgery vulnerability exists in Deno versions 1.46.0 through 2.1.6, which stems from authentication tags not being validated for AES-256-GCM and AES-128-GCM, and could lead to a failure o...

CVSS 8.7, AI score 6.5, EPSS 0.0024
Exploits: 1, References: 5
RedhatCVE
added 2025/05/23 9:44 a.m., 5 views

CVE-2024-25614

There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the...

CVSS 9.1, AI score 6.9, EPSS 0.00512
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 5:40 a.m., 4 views

CVE-2023-0735

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4...

CVSS 6.5, AI score 6.6, EPSS 0.00301
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 5:10 a.m., 5 views

CVE-2023-32509

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions...

CVSS 7.1, AI score 5.9, EPSS 0.00379
Exploits: 0, References: 1
Packet Storm News
added 2025/05/23 12:0 a.m., 3 views

ACSE-Eval: Can LLMs Threat Model Real-World Cloud Infrastructure?

While Large Language Models have shown promise in cybersecurity applications, their effectiveness in identifying security threats within cloud deployments remains unexplored. This paper introduces AWS Cloud Security Engineering Eval, a novel dataset for evaluating LLMs' cloud security threat...

AI score 6.9
Exploits: 0
RedhatCVE
added 2025/05/22 10:32 p.m., 3 views

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

CVSS 5.4, AI score 6.7, EPSS 0.00712
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 9:10 p.m., 5 views

CVE-2021-27253

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

CVSS 8.8, AI score 7.3, EPSS 0.01127
Exploits: 0, References: 1
Circl
added 2025/05/22 2:44 p.m., 1 views

CVE-2022-3025

creationtimestamp | type | source
---|---|---
2025-05-22 14:44:14+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/17291...

CVSS 5.4, AI score 5.5, EPSS 0.00244
Exploits: 2, References: 1
Patchstack
added 2025/05/20 9:41 p.m., 7 views

WordPress Order Delivery Date Pro for WooCommerce plugin < 12.4.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR (WPScan) in WordPress Plugin Order Delivery Date for WP e-Commerce versions < 12.4.0...

CVSS 7.1, AI score 8.4, EPSS 0.00218
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2025/05/19 8:15 a.m., 1 views

CVE-2025-47757

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6MemInIF.dll!setplctypedefault function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution...

CVSS 7.8, AI score 6, EPSS 0.00191
Exploits: 0, References: 2
NVD
added 2025/05/19 8:15 a.m., 13 views

CVE-2025-47754

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!ConvMacroData function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution...

CVSS 8.4, EPSS 0.00191
Exploits: 0, References: 2