Microsoft Streaming Service 安全漏洞

Microsoft Streaming Service is a video platform from Microsoft Corporation USA. A security vulnerability exists in Microsoft Streaming Service. An attacker could exploit the vulnerability to elevate privileges. The following products and editions are affected:Windows 10 Version 1809 for 32-bit...

Microsoft Visual Studio 代码问题漏洞

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio, which can be exploited by...

CVE-2024-12809

CVE-2024-12809 affects the Wishlist WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s wishlist_button shortcode, present in all versions up to and including 1.0.43. The root cause is insufficient input sanitization and output escaping on user-supplied attr...

Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05059)

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...

Linux Distros Unpatched Vulnerability : CVE-2024-1023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP...

Linux Distros Unpatched Vulnerability : CVE-2023-5732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects...

Linux Distros Unpatched Vulnerability : CVE-2019-1010204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU binutils gold gold v1.11-v1.16 GNU binutils v2.21-v2.31.1 is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The...

Linux Distros Unpatched Vulnerability : CVE-2017-5897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ip6greerr function in net/ipv6/ip6gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6...

Open Redirect

Overview codechecker is an analyzer tooling, defect database and viewer extension Affected versions of this package are vulnerable to Open Redirect due to improper sanitization of URL path segments after the product name. An attacker can redirect users to a malicious website by crafting a URL tha...

CVE-2025-0684 Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data

A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesyste...

Exploit for CVE-2025-23942

WP Load Gallery Exploit CVE-2025-23942 📌 Description Unr...

The vulnerability of the Linux operating system’s kernel component, which allows a hacker to cause a service failure

The vulnerability of the kernel component in the Linux operating system is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the ethtool component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the ethtool component in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

NETGEAR DGN2200 安全漏洞

The NETGEAR DGN2200 is a wireless router from NETGEAR. The NETGEAR DGN2200 is vulnerable to a privilege issue. An attacker can exploit the vulnerability by adding "?x=1.gif" to the requested URL to be recognized as authenticated...

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, potentially executing arbitrary code with developer privileges. Successful exploitation requires the malicious party to trick the victim into opening...

WordPress plugin Munk Sites 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

CVE-2024-11415

The WP-Orphanage Extended plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the wporphanageexmenusettings function. This makes it possible for unauthenticated attackers to escalate th...

CVE-2024-10238 fld->used_bytes without sanity check causes stack overflow

A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld-usedbytes...

One policy to rule them all

Windows group policies are a powerful management tool that allows administrators to define and control user and computer settings within a domain environment in a centralized manner. While group policies offer functionality and utility, they are unfortunately a prime target for attackers. In...

rsync: Info Leak via Uninitialized Stack Contents

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...