CVE-2026-0746
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...
EUVD-2014-0128
Malware in sbrugna...
CVE-2024-35365
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpegmuxinit.c component of FFmpeg, specifically within the newstreamaudio function...
Huawei HarmonyOS and EMUI Memory Misreference Vulnerability Hole (CNVD-2023-61741)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. Huawei HarmonyOS and EMUI have a memory misreference...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code CVE-2022-27666 kernel: out-of-bounds read in fbcongetfont function CVE-2020-28915 For more details about the security issues, including th...
RLSA-2022:5316 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code CVE-2022-27666 kernel: out-of-bounds read in fbcongetfont function CVE-2020-28915 For more details about the security issues, including th...
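Discuz! 7.x CSRF + stored XSS (rich text) database dump (2 places) and admin back-end SQL (root getshell) (exploit included)
Brief description: Discuz! 7.x CSRF, rich-text XSS database dump and back-end SQL root getshell. This time I'm really giving you a genuine XSS, 美包包!!! Please mark this as featured! Detailed description: Today I audited the dz 7 series code and found a piece of rich-text code that can be bypassed to perform XSS. First let's look at this rich-text bypass, going straight to the code: diszuscode.func.php:305-317: function parseaudio$url, $width = 400, $autostart = 0 $ext = strtolowersubstrstrrchr$url, '.', 1, 5; switch$ext case 'mp3...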