33 matches found
Canonical Ubuntu Linux security vulnerability
Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. Canonical Ubuntu Linux version 6.8 contained a security vulnerability. This vulnerability stemmed from the AppArmor AF_INET/AF_INET6 socket mediation code, where uninitialized variables might have bee...
WordPress plugin G5Plus April security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
Synaccess netBooter NP-02x and Synaccess netBooter NP-08x security vulnerability
The Synaccess netBooter NP-02x and Synaccess netBooter NP-08x are both products of Synaccess Corporation, U.S.A. The Synaccess netBooter NP-02x is an intelligent power distribution unit. The Synaccess netBooter NP-08x is an intelligent power controller. A security vulnerability exists in Synaccess...
EUVD-2025-200223
A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of...
CVE-2025-10018
QuickCMS is vulnerable to multiple Stored XSS in the language editor functionality (languages). A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed on every page. By default, the admin user is not able to add JavaScript into the website. Th...
CVE-2025-9980 Multiple Stored XSS in QuickCMS
QuickCMS is vulnerable to multiple Stored XSS in the page editor functionality (pages-form). A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. By default, the admin user is not able to add JavaScript into the...
EUVD-2025-26069
Malicious code in bioql PyPI...
EUVD-2025-26074
Malicious code in bioql PyPI...
CVE-2025-54540
QuickCMS is vulnerable to Reflected XSS via sSort parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The vendor was notified early about this vulnerability, but didn...
CVE-2025-54543
QuickCMS (CMS) is affected by CVE-2025-54543, a Stored XSS in the page editor SEO functionality via the sDescriptionMeta parameter. The vulnerability allows an admin with privileges to inject arbitrary HTML/JS that is rendered when visiting the edited page. Only version 6.8 has been tested and co...
CVE-2025-54541
CVE-2025-54541 affects QuickCMS. The flaw is a Cross-Site Request Forgery in the page deletion function: when an admin visits a crafted site, a POST request can delete an article. Only version 6.8 has been tested as vulnerable; other versions were not tested and may also be affected. The vendor w...
CVE-2025-54540
CVE-2025-54540 affects QuickCMS, with a Reflected XSS in the admin panel via the sSort parameter. The issue allows arbitrary JavaScript execution in the victim’s browser when a crafted URL is opened. Public documentation notes that only version 6.8 was tested and confirmed vulnerable; other versi...
Open Solution QuickCMS cross-site scripting vulnerability
Open Solution QuickCMS is an open source content management system from Open Solution. A cross-site scripting vulnerability exists in Open Solution QuickCMS version 6.8, which stems from improper neutralization of the sTitle parameter input and could lead to a stored cross-site scripting attack...
diyhi bbs path traversal vulnerability
diyhi bbs patrol cloud light forum system is a Chinese open source project using a JAVA + MYSQL architecture, adaptive to mobile and computer, with a simple interface and efficient performance. A path traversal vulnerability exists in diyhi bbs version 6.8; the vulnerability stems from the wrong operation o...
squid security update
7:5.5-6.0.1.8 - Rebuild with release bump
7:5.5-6.8 - Resolves: RHEL-19555 - squid: denial of service in HTTP request parsing CVE-2023-50269
7:5.5-6.7 - Resolves: RHEL-28614 - squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111
7:5.5-6.6 - Resolves: RHEL-26091 - squid: denial of...
UBUNTU-CVE-2024-21803
Use After Free vulnerability in the Linux kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: fr...
CVE-2024-21803
Use After Free vulnerability in the Linux kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: fr...
WordPress Formidable Forms Plugin <= 6.7.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Formidable Forms
Type: Plugin
Vulnerable versions: <= 6.7.2
Fixed in: 6.8
OWASP Top 10: A5: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2024-0660
Patch priority: Low
CVSS severity: Low (4.3)
PSID: 7a7ac0638cbc
Credits: Webbernaut
Required...