92 matches found
CVE-2025-15260
The CVE applies to the WordPress plugin “MyRewards – Loyalty Points and Rewards for WooCommerce.” Connected sources confirm: vulnerable in all versions up to 5.6.0 (and PwC+ sources indicate up to 5.6.0) where the plugin fails to verify user authorization in the ajax function. This permits authen...
EUVD-2010-3671
Malware in sbrugna...
EUVD-2021-24895
Malware in sbrugna...
CVE-2025-53652
Jenkins Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters...
CVE-2025-0325
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device...
Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability
Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 ...
CVE-2021-24380
The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values...
CVE-2018-6240
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address...
CVE-2024-52792
LDAP Account Manager (LAM) is a PHP web frontend for managing entries in an LDAP directory. In affected versions, LAM does not sanitize configuration values set through mainmanage.php and confmain.php, allowing an attacker to smuggle arbitrary config values into config.cfg or serverprofile.conf b...
LDAP Account Manager Security Vulnerability
LDAP Account Manager (LAM) is an open-source web front-end for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. A security vulnerability exists in LDAP Account Manager versions prior to 9.0 that stems from incorrect input validation of...
GHSA-W7HQ-F2PJ-C53G pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
Summary: The folder /.pyload/scripts has scripts which are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...
Improper Input Validation
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Improper Input Validation through the Dropdown component's pre-processing step. An attacker can manipulate input data by sending custom requests with...
GHSA-26JH-R8G2-6FPR Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Impact: What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allow_custom_value parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...
CVE-2024-32625
In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations...
Asrmicro ASR Series Security Vulnerability
The Asrmicro ASR Series is a series of chips from China's Avantage Technology Asrmicro. A security vulnerability exists in the Asrmicro ASR Series, which arises from a scalar field that is not initialized and therefore will contain arbitrary values left over from earlier calculations. The followi...
PT-2024-24729
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the OffloadAMRWriter, where a scalar field is not initialized, resulting in it containing an arbitrary value left over from earlie...
Buffer Overflow
org.apfloat:apfloat is vulnerable to Stack-based Buffer Overflow. The vulnerability is due to improper input validation within the org.apfloat.internal.DoubleModMath::modPow method, which can result in Denial of Service if an attacker can input arbitrary values to the method...
CVE-2023-43513
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element...
Memory corruption
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element...
CVE-2023-43513 Use of Out-of-range Pointer Offset in PCIe
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element...