Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the adminLoad.handleLoad process. An attacker can modify the running configuration and alter server behavior by sending cross-origin requests to the local admin API when origin enforcement is not...

CVE-2026-0746 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

CVE-2026-0746

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

CVE-2025-12468

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Reporting API. An attacker can gain unauthorized access to sensitive report data by exploiting the flawed HTTP Basic Authentication implementation. Note: This is only exploitable if the API is enabled and...

CVE-2024-49375

Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...

CVE-2024-49375 Remote Code Execution via Remote Model Loading in Rasa

Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...

Deserialization of Untrusted Data

Overview rasa-pro is a State-of-the-art open-core Conversational AI framework for Enterprises that natively leverages generative AI for effortless assistant development. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by loading a maliciously crafted model in...

Cilium 信息泄露漏洞

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. An information disclosure vulnerability exists in versions of Cilium prior to 1.13.4, which stems fr...

Apple MAC OS X < 10.9/10 - Local Root Exploit

Exploit for macOS platform in category local exploits / osx-irony-assist.m Copyright c 2010 by Apple MACOS X include import import / where you want to write it! / define BACKDOORBIN "/var/db/.AccessibilityAPIEnabled" int doassistivecopyconst char spath, const char dpath NSAutoreleasePool pool =...