
NVD
added 2025/07/02 2:15 p.m.

CVE-2025-34073

An unauthenticated command injection vulnerability exists in stamparm/maltrail Maltrail versions <= 0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input...

CVSS 10 · EPSS 0.65833
Exploits 1 · References 5
Vulnrichment
added 2025/06/28 3:34 p.m.

CVE-2023-28911 Arbitrary Channel Disconnection Resulting in Denial of Service

A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every...

CVSS 6.5 · AI score 6.3 · EPSS 0.00156
Exploits 0 · References 3
CNVD
added 2025/06/27 12:00 a.m.

WordPress Creative Contact Form Plugin Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Creative Contact Form Plugin suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a...

CVSS 7.1 · AI score 6 · EPSS 0.0008
Exploits 0 · References 1
Zero Day Initiative
added 2025/06/27 12:00 a.m.

(0Day) Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getAppFileBytes method. The issue results fro...

CVSS 7.5 · AI score 6.4 · EPSS 0.20234
Exploits 0
RubySec
added 2025/06/26 12:00 a.m.

Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling

Ruby WEBrick read_headers HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

CVSS 6.5 · AI score 7 · EPSS 0.00257
Exploits 0 · References 1 · Affected Software 1
CVE
added 2025/06/25 4:52 p.m.

CVE-2025-6442

CVE-2025-6442 affects Ruby WEBrick: the vulnerability is a flaw in read_headers that causes inconsistent termination parsing of HTTP headers, enabling HTTP request smuggling under certain proxy conditions. Affected are Ruby WEBrick and Rubygem-WeBrick components across several platforms (e.g., Ru...

CVSS 6.5 · AI score 6.8 · EPSS 0.00257
Exploits 0 · References 2 · Affected Software 1
CVE
added 2025/06/24 8:03 p.m.

CVE-2025-6556

CVE-2025-6556 affects Google Chrome/Chromium loaders: insufficient policy enforcement in the Loader can allow a remote attacker to bypass content security policy via a crafted HTML page. Public references in the CVE entry indicate the vulnerability exists prior to Chrome 138.0.7204.49. Debian sec...

CVSS 5.4 · AI score 6.3 · EPSS 0.00072
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2025/06/24 12:00 a.m.

WordPress Click to Chat plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Click to Chat plugin, which stems from insufficient input cleanup and escaping, and can be exploited by an attacker ...

CVSS 6.4 · AI score 6.4 · EPSS 0.00228
Exploits 0 · References 1
CNVD
added 2025/06/24 12:00 a.m.

WordPress Advanced Sermons plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Advanced Sermons plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

CVSS 6.5 · AI score 6.4 · EPSS 0.00143
Exploits 0 · References 1
CNVD
added 2025/06/23 12:00 a.m.

Red Hat Connectivity Link Information Disclosure Vulnerability

Red Hat Connectivity Link is a Kubernetes network connectivity management platform from Red Hat, USA. Red Hat Connectivity Link suffers from an information disclosure vulnerability that stems from improper key storage, which can be exploited by an attacker to cause information disclosure...

CVSS 5.7 · AI score 6.5 · EPSS 0.0029
Exploits 0 · References 1
RedhatCVE
added 2025/06/19 12:08 a.m.

CVE-2025-45526

A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content (e.g., 100...

CVSS 2.9 · AI score 4 · EPSS 0.00084
Exploits 0 · References 1
CVE
added 2025/06/18 4:20 p.m.

CVE-2025-20234

CVE-2025-20234 is a memory overread vulnerability in ClamAV’s UDF file processing that can be exploited by an unauthenticated attacker to cause a DoS via crafted UDF content. Affected: ClamAV UDF scanning; root cause: memory overread during UDF file scanning. Impact: DoS on the ClamAV process; no...

CVSS 7.5 · AI score 5.4 · EPSS 0.00846
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/06/18 4:15 p.m.

CVE-2025-4821

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

CVSS 7.5 · AI score 6.9
Exploits 0 · References 1
Cvelist
added 2025/06/18 12:00 a.m.

CVE-2025-44951

A missing length check in the ogs_pfcp_dev_add function from the PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a buffer overflow by changing the session.dev field to a value with length greater than 32...

EPSS 0.00116
Exploits 1 · References 3
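The pattern behind the open5gs entry above, as a constructed example that is not open5gs code: a fixed 32-byte device-name field is written once without a length check and once with one, so the unchecked copy can be seen clobbering the neighbouring field. The struct and function names are hypothetical; only the 32-byte limit comes from the advisory text.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not open5gs code: a fixed 32-byte device-name field
 * written with and without a length check. Struct and function names are
 * hypothetical; only the 32-byte limit comes from the advisory text. */
#define DEV_NAME_LEN 32

struct session {
    char dev[DEV_NAME_LEN];  /* fixed-size field, as in the advisory */
    int  ifindex;            /* neighbouring field an overflow would clobber */
};

/* Vulnerable pattern: copies whatever length the caller supplies. */
static void dev_add_unchecked(struct session *s, const char *name, size_t len)
{
    memcpy(s->dev, name, len);
}

/* Hardened pattern: refuse anything that does not fit with its NUL terminator. */
static bool dev_add_checked(struct session *s, const char *name, size_t len)
{
    if (name == NULL || len == 0 || len >= DEV_NAME_LEN)
        return false;
    memcpy(s->dev, name, len);
    s->dev[len] = '\0';
    return true;
}

int main(void)
{
    /* Constructed input: 35 bytes, longer than the 32-byte field. */
    char name[64];
    memset(name, 'A', 35);
    name[35] = '\0';

    struct session s = { .dev = "eth0", .ifindex = 7 };
    dev_add_unchecked(&s, name, 35);
    printf("unchecked copy: ifindex is now %d (was 7)\n", s.ifindex);

    struct session t = { .dev = "eth0", .ifindex = 7 };
    bool ok = dev_add_checked(&t, name, 35);
    printf("checked copy: accepted=%d, ifindex still %d\n", ok, t.ifindex);
    return 0;
}
```

The check uses `len >= DEV_NAME_LEN` rather than `>` because the terminating NUL also needs a slot; an off-by-one here is the usual way a "fixed" copy stays exploitable.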
CNVD
added 2025/06/17 12:00 a.m.

WordPress Avaz plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Avaz plugin that stems from not doing effective filtering of local file resource calls, which can be exploited by an...

CVSS 8.1 · AI score 6.8 · EPSS 0.00547
Exploits 0 · References 1
RedhatCVE
added 2025/06/14 7:04 a.m.

CVE-2025-35978

An improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker sends malicious data, an arbitrary registry value may be modified or arbitrary code may be...

CVSS 7.1 · AI score 6.9 · EPSS 0.00044
Exploits 0 · References 1
Cvelist
added 2025/06/13 7:08 a.m.

CVE-2025-22242 salt advisory

Worker process denial of service through file read operation. A vulnerability exists in the Master's "pub_ret" method, which is exposed to all minions. The un-sanitized input value "jid" is used to construct a path which is then opened for reading. An attacker could exploit this vulnerability by...

CVSS 5.6 · EPSS 0.00303
Exploits 0 · References 2
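The control the Salt entry above describes as missing, as a constructed example that is not Salt's code: a job id is validated against an allowlist before it is used to build a file path, so a jid carrying path separators, "..", or any other non-digit never reaches the filesystem. The numeric-only jid format is an assumption (Salt's default jids are 20-digit timestamps) and the cache directory layout, including the `return.p` file name, is hypothetical.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not Salt's code: validate a job id before it is used
 * to build a file path. The numeric-only format is an assumption (Salt's
 * default jids are 20-digit timestamps) and the cache layout is hypothetical. */
#define JID_MAX_LEN 20

/* Allowlist check: non-empty, at most JID_MAX_LEN characters, digits only. */
static bool jid_is_well_formed(const char *jid)
{
    if (jid == NULL)
        return false;
    size_t n = strlen(jid);
    if (n == 0 || n > JID_MAX_LEN)
        return false;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)jid[i]))
            return false;
    return true;
}

/* Returns true and fills `out` only for a validated jid; rejects the jid
 * before any path is formed, and rejects paths that would not fit in `out`. */
static bool build_job_path(const char *cache_dir, const char *jid,
                           char *out, size_t outsz)
{
    if (!jid_is_well_formed(jid))
        return false;
    int n = snprintf(out, outsz, "%s/%s/return.p", cache_dir, jid);
    return n > 0 && (size_t)n < outsz;
}

int main(void)
{
    const char *cache = "/var/cache/salt/master/jobs"; /* hypothetical path */
    /* Constructed inputs: one well-formed jid and three hostile ones. */
    const char *inputs[] = { "20250613070800000000", "../../../dev/zero",
                             "20250613/../../etc/passwd", "" };
    char path[256];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (build_job_path(cache, inputs[i], path, sizeof path))
            printf("accepted: %s\n", path);
        else
            printf("rejected jid: \"%s\"\n", inputs[i]);
    }
    return 0;
}
```

Validating the identifier's shape is preferable to stripping "../" from it: an allowlist leaves nothing for an attacker to encode around, and it also keeps the worker away from arbitrary files (device nodes, FIFOs) that a read would otherwise block on.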
Positive Technologies
added 2025/06/11 12:00 a.m.

PT-2025-25253 · Joomla · Media Gallery

Name of the Vulnerable Software and Affected Versions: RSMediaGallery! component versions 1.7.4 through 2.1.7
Description: A SQL injection issue was discovered in the dashboard component of the RSMediaGallery! component for Joomla. The problem arises because user-supplied input is not properly...

CVSS 6.7 · AI score 7.2 · EPSS 0.00205
Exploits 0 · References 6
CNVD
added 2025/06/11 12:00 a.m.

WordPress File Provider plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress File Provider plugin suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF checks. An attacker could use this vulnerability to all...

CVSS 4.3 · AI score 6.8 · EPSS 0.00091
Exploits 1 · References 1
CVE
added 2025/06/10 4:36 p.m.

CVE-2024-54019

CVE-2024-54019 concerns Fortinet FortiClientWindows. The issue is an improper validation of certificates with host mismatch across FortiClientWindows versions 7.0, 7.2.0 through 7.2.6, and 7.4.0. This flaw allows an unauthenticated attacker to redirect VPN connections (e.g., via DNS spoofing or othe...

CVSS 6.5 · AI score 5.1 · EPSS 0.00095
Exploits 0 · References 1 · Affected Software 1