EUVD-2025-10045

Malicious code in bioql PyPI...

CVE-2023-44227

Missing Authorization vulnerability in Mitchell Bennis Simple File List.This issue affects Simple File List: from n/a through 6.1.9...

CVE-2025-39589 WordPress Essential Addons for Elementor <= 6.1.9 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9...

CVE-2025-39590

CVE-2025-39590 corresponds to a Stored XSS in WPDeveloper Essential Addons for Elementor (affected: versions n/a–6.1.9). The vulnerability stems from improper input neutralization during Web Page Generation, enabling stored cross-site scripting. CVSS v3.1 metrics indicate a Network attack vector,...

CVE-2025-39590 WordPress Essential Addons for Elementor plugin <= 6.1.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through = 6.1.9...

WordPress plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Essential Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2025-30373

CVE-2025-30373 affects Graylog (Graylog2-server) starting with version 6.1, where HTTP Inputs can be configured to require a header/value for authentication. The flaw: when the required header is missing or has an incorrect value, the system returns HTTP 401 but ingests the message anyway, effect...

CVE-2025-30373 Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value

Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...

WordPress plugin Broadcast Live Video 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-37155 OpenCTI May Bypass Introspection Restriction

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed...

OpenCTI 访问控制错误漏洞

OpenCTI is an open source cyber threat intelligence platform from OpenCTI Open Source. An access control error vulnerability exists in OpenCTI versions prior to 6.1.9, which stems from the ability to bypass regular expression validation used to block Introspection queries by removing redundant...

CVE-2023-44227

Missing Authorization vulnerability in Mitchell Bennis Simple File List.This issue affects Simple File List: from n/a through 6.1.9...

WordPress Plugin Simple File List 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-13180 · Mitchell Bennis · Simple File List

Name of the Vulnerable Software and Affected Versions: Simple File List versions 6.1.9 and earlier Description: The issue is related to a Missing Authorization vulnerability in Mitchell Bennis Simple File List. Recommendations: For versions 6.1.9 and earlier, update to a version that includes a f...

GSD-2023-1001913 tracing: Make sure trace_printk() can output as soon as it can be used

tracing: Make sure traceprintk can output as soon as it can be used This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.9 by commit...

PT-2023-35022 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue is related to the misuse of kvcalloc with GFP NOFAIL in erofs. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior t...

PT-2023-35021 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.2 through v6.1.8 Description: A potential security issue exists due to an ib block iterator counter overflow in the RDMA/core component. The actual impact and attack plausibility have not yet been proven...

PT-2023-34971 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue is related to the x86/i8259 legacy PIC interrupts, which are marked with IRQ LEVEL. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

PT-2023-34985 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue is related to the EDAC/qcom driver in the Linux Kernel, where the llcc driv data is passed as edac device ctl info's pvt info. The actual impact and attack plausibility have not yet...