Lucene search

2431 matches found

NVD
• added 2026/03/06 1:15 p.m. • 4 views

CVE-2018-25172

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/loadproveedores.php endpoint with crafted SQL payloads to extract sensitive...

CVSS 8.8, EPSS 0.00123
Exploits: 0, References: 2
Positive Technologies
• added 2026/03/06 12:0 a.m. • 1 view

PT-2026-30182

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a use-after-free issue within the nd async device register function during asynchronous initialization. This occurred when device add failed, leading to a drop...

CVSS 7.8, AI score 5.8, EPSS 0.00018
Exploits: 0, References: 44
EUVD
• added 2026/03/05 6:30 a.m. • 3 views

EUVD-2026-9524

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

CVSS 7.2, AI score 6, EPSS 0.00206
Exploits: 0, References: 4
CNNVD
• added 2026/03/04 12:0 a.m. • 4 views

WordPress plugin Seraphinite Accelerator security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 4.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 5
Positive Technologies
• added 2026/03/04 12:0 a.m. • 2 views

PT-2026-23110

Name of the Vulnerable Software and Affected Versions Drupal AJAX Dashboard versions prior to 3.1.0 Description A missing authentication check for a critical function in Drupal AJAX Dashboard allows exploitation of incorrectly configured access control security levels. The issue resides in the AJ...

AI score 5.8, EPSS 0.00015
Exploits: 0, References: 3
Tenable Nessus
• added 2026/03/04 12:0 a.m. • 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005755 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the struct aiokiocb conversion The first kiocbsetcancelfn argument...

CVSS 5.5, AI score 6.5, EPSS 0.00013
Exploits: 0, References: 4
RedHat Linux
• added 2026/03/03 8:57 p.m. • 2 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

CVSS 7.8, AI score 5.8, EPSS 0.00045
Exploits: 0, References: 5
Vulnrichment
• added 2026/03/02 3:48 p.m. • 2 views

CVE-2025-52469 Chamilo: Friend Request Workflow Bypass - Unauthorized Friend Addition and ID Validation Bypass

Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo's social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. The attacker can bypass the normal fl...

CVSS 7.1, AI score 5.9, EPSS 0.00043
Exploits: 1, References: 3
RedhatCVE
• added 2026/03/02 1:50 a.m. • 3 views

CVE-2026-28557

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

CVSS 7.1, AI score 6, EPSS 0.00037
Exploits: 0, References: 1
Packet Storm
• added 2026/03/02 12:0 a.m. • 126 views

WordPress Document Library Lite 1.1.6 Information Disclosure

Proof of concept exploit for WordPress Document Library Lite plugin version 1.1.6. The plugin fails to restrict access to an internal AJAX API endpoint allowing unauthenticated attackers to fetch document records exposing sensitive metadata...

CVSS 5.3, AI score 5.9, EPSS 0.001
Exploits: 2
CNNVD
• added 2026/03/02 12:0 a.m. • 1 view

Google Android security vulnerability

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, stemming from improper input validation in the setPackageOrComponentEnabled function. These vulnerabilities may lead to asynchronous notification polici...

CVSS 8.4, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 1
GithubExploit
• added 2026/03/01 9:19 p.m. • 255 views

Exploit for CVE-2026-3395

CVE-2026-3395 - MaxSite CMS Unauthenticated Remote Code Execut...

CVSS 7.5, AI score 7.5, EPSS 0.00056
Exploits: 1
Cvelist
• added 2026/02/28 9:47 p.m. • 21 views

CVE-2026-28557 wpForo Forum < 2.4.16 Privilege Escalation via Role Synchronization Handler

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

CVSS 7.1, EPSS 0.00037
Exploits: 0, References: 3
Cvelist
• added 2026/02/28 9:47 p.m. • 22 views

CVE-2026-28554 wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...

CVSS 5.3, EPSS 0.00037
Exploits: 0, References: 3
Vulnrichment
• added 2026/02/28 9:47 p.m. • 2 views

CVE-2026-28554 wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...

CVSS 5.3, AI score 6, EPSS 0.00037
Exploits: 0, References: 3
Positive Technologies
• added 2026/02/28 12:0 a.m. • 5 views

PT-2026-22478

Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description An issue exists in wpForo Forum that allows authenticated users to perform bulk wpForo usergroup reassignment. This is possible due to a missing capability check in the wpforo synch roles AJAX handler. A...

CVSS 7.1, AI score 6, EPSS 0.00037
Exploits: 0, References: 5
Positive Technologies
• added 2026/02/28 12:0 a.m. • 3 views

PT-2026-22475

Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains a flaw due to missing authorization checks. An authenticated subscriber can approve or unapprove any forum post by exploiting the wpforo approve ajax AJAX handler. The check relies...

CVSS 5.3, AI score 6, EPSS 0.00037
Exploits: 0, References: 5
RedHat Linux
• added 2026/02/26 4:25 a.m. • 8 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

CVSS 7.8, AI score 5.8, EPSS 0.00045
Exploits: 0, References: 5
CNNVD
• added 2026/02/26 12:0 a.m. • 3 views

WordPress plugin TP2WP Importer cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.4, AI score 5.7, EPSS 0.00039
Exploits: 0, References: 3
RedHat Linux
• added 2026/02/25 3:20 p.m. • 1 view

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

CVSS 7.8, AI score 5.8, EPSS 0.00045
Exploits: 0, References: 5