2443 matches found
CVE-2025-11678
CVE-2025-11678 affects libwebsockets (lws_adns_parse_label). The vulnerability is a stack-based buffer overflow that can occur when LWS_WITH_SYS_ASYNC_DNS is enabled, allowing an attacker who can observe a DNS request to craft a response with a long label that overflows label_stack. Affected soft...
Libwebsockets Security Vulnerability
Libwebsockets is a canonical libwebsockets networking library open-sourced by lws-team. A security vulnerability exists in Libwebsockets that stems from a stack-based buffer overflow in the lws_adns_parse_label function when compiled with the LWS_WITH_SYS_ASYNC_DNS flag enabled, which could lead to the...
CVE-2025-11742
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlistquickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2025-34954
The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixelajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for...
CVE-2020-36854
The CVE-2020-36854 case concerns the WordPress Async JavaScript plugin (versions up to and including 2.19.07.14). The root cause is missing authorization checks on the aj_steps AJAX action and insufficient sanitization of saved settings, enabling a stored XSS for authenticated users with subscri...
Missing Authorization
TYPO3 CMS is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks in the backend routing component, which allows authenticated backend users to directly invoke AJAX backend routes without proper access permissions, potentially leading to unauthorized acces...
CVE-2025-10849
CVE-2025-10849: Felan Framework WordPress plugin contains an unauthorized data modification vulnerability due to a missing capability check in process_plugin_actions (AJAX). Affected versions up to 1.1.4 allow unauthenticated attackers to activate/deactivate plugins. Wordfence lists the patch st...
EUVD-2025-34720
The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...
Missing Authorization Checks
typo3/cms-workspaces is vulnerable to missing authorization checks. The vulnerability is due to improper access control in the Workspace Module, which allows an attacker to directly invoke the AJAX backend route and disclose sensitive information without proper access permissions...
Linux Distros Unpatched Vulnerability : CVE-2025-39964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an...
CVE-2025-10375
The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce validation on multiple AJAX actions including accessibe_signup, accessibe_login, accessibe_license_trial, accessibe_modify_config,...
CVE-2025-10375
The WordPress plugin Web Accessibility by accessiBe (plugins: accessibe) is affected by CVE-2025-10375. A CSRF vulnerability exists in all versions up to 2.10 due to missing nonce validation on multiple AJAX actions (accessibe_signup, accessibe_login, accessibe_license_trial, accessibe_modify_con...
CVE-2025-10375 Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery
The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce validation on multiple AJAX actions including accessibe_signup, accessibe_login, accessibe_license_trial, accessibe_modify_config,...
CVE-2025-11166
WP Go Maps (formerly WP Google Maps) for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) across all versions up to 9.0.46. The root cause is an AJAX bridge that exposes state-changing REST actions without proper CSRF token validation and GET-accessible destructive logic lacking a per...
CVE-2025-11171
CVE-2025-11171 affects the Chartify – WordPress Chart Plugin (up to version 3.5.9). A Missing Authentication for a Critical Function vulnerability arises from an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter without nonce or capability checks. Thi...
CVE-2025-6242 vLLM: Server-Side Request Forgery (SSRF) in MediaConnector
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an...
EUVD-2017-8031
Malware in sbrugna...
EUVD-2018-17869
Malware in sbrugna...
EUVD-2018-17860
Malware in sbrugna...
EUVD-2019-8959
Malware in sbrugna...