1395 matches found
FreeRTOS-Plus-TCP Security Vulnerability
FreeRTOS-Plus-TCP is an extensible open source and thread-safe TCP/IP stack for FreeRTOS. A security vulnerability exists in FreeRTOS-Plus-TCP that stems from a lack of validation checks in the UDP/IPv6 packet processing code, which could lead to invalid pointer dereferences...
PT-2025-41582
Name of the Vulnerable Software and Affected Versions: FreeRTOS-Plus-TCP (affected versions not specified). Description: A missing validation check in the ICMPv6 packet processing code can result in an out-of-bounds read when receiving ICMPv6 packets of specific message types that are smaller than...
CVE-2025-8291
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value, and that value would not be used to locate the ZIP64 EOCD record; instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...
EUVD-2018-10404
Malware in sbrugna...
BBMRI-ERIC Negotiator Cross-Site Scripting Vulnerability
BBMRI-ERIC Negotiator is a biospecimen repository access tool from BBMRI-ERIC, Austria. A cross-site scripting vulnerability exists in BBMRI-ERIC Negotiator version v3.15.2, which stems from a lack of user input validation and could lead to a stored cross-site scripting attack...
CVE-2025-10311
The Comment Info Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing nonce validation on the options.php file when handling form submissions. This makes it possible for unauthenticated attackers to modify...
CVE-2025-9897
The AP Background plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to missing or incorrect nonce validation on the advParallaxBackAdminSaveSlider function. This makes it possible for unauthenticated attackers to create or...
CVE-2025-9213
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...
EUVD-2025-26521
Malicious code in bioql PyPI...
EUVD-2025-32286
Malicious code in bioql PyPI...
EUVD-2025-26458
Malicious code in bioql PyPI...
EUVD-2025-25003
Malicious code in bioql PyPI...
EUVD-2025-30927
Malicious code in bioql PyPI...
EUVD-2025-24000
Malicious code in bioql PyPI...
EUVD-2025-24006
Malicious code in bioql PyPI...
EUVD-2025-25057
Malicious code in bioql PyPI...
EUVD-2025-25809
Malicious code in bioql PyPI...
CVE-2025-9895
The Notification Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the 'subscriber-list-empty.php' file. This makes it possible for unauthenticated attackers to empty the subscrib...
CVE-2025-9892
The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the update function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2025-10302
The Ultimate Viral Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the saveoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...