9293 matches found

RedhatCVE
added 2025/02/06 3:53 a.m., 8 views

CVE-2021-39201

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact: The issue allows an authenticated but low-privileged user like contributor/author to execute XSS in the editor. This bypasses the restrictions imposed on users who do n...

CVSS 7.6, AI score 5.7, EPSS 0.01502
Exploits 0, References 1
RedhatCVE
added 2025/02/05 10:59 p.m., 8 views

CVE-2022-1073

A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely...

CVSS 9.8, AI score 6.8, EPSS 0.00775
Exploits 0, References 1
RedhatCVE
added 2025/02/05 6:0 p.m., 8 views

CVE-2019-1020011

SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority...

CVSS 9, AI score 6.9, EPSS 0.01324
Exploits 0, References 1
RedhatCVE
added 2025/02/05 2:48 p.m., 9 views

CVE-2020-15271

In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...

CVSS 9.3, AI score 6.7, EPSS 0.0198
Exploits 1
RedhatCVE
added 2025/02/05 7:12 a.m., 11 views

CVE-2024-32693

Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic. This issue affects Automatic: from n/a before 3.93.0...

CVSS 7.6, AI score 5.1, EPSS 0.00232
Exploits 0, References 1
RedhatCVE
added 2025/02/05 6:48 a.m., 8 views

CVE-2024-50493

Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows Upload a Web Shell to a Web Server. This issue affects Automatic Translation: from n/a through = 1.0.4...

CVSS 10, AI score 5.9, EPSS 0.01033
Exploits 1, References 1
RedhatCVE
added 2025/02/05 3:55 a.m., 11 views

CVE-2024-27954

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery. This issue affects Automatic: from n/a through 3.92.0...

CVSS 9.3, AI score 6.8, EPSS 0.72953
Exploits 2, References 1
RedhatCVE
added 2025/02/05 3:52 a.m., 12 views

CVE-2024-27956

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0...

CVSS 9.9, AI score 9.2, EPSS 0.93971
Exploits 16, References 1
RedhatCVE
added 2025/02/05 3:46 a.m., 4 views

CVE-2024-27955

Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation. This issue affects Automatic: from n/a through 3.92.0...

CVSS 8.3, AI score 7, EPSS 0.00274
Exploits 0, References 1
RedhatCVE
added 2025/02/05 2:53 a.m., 9 views

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVSS 9.8, AI score 9.8, EPSS 0.01501
Exploits 1, References 1
Veeam
added 2025/02/04 12:0 a.m., 26 views

CVE-2025-23114

Veeam Software Security Commitment: Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program (VDP) for all Veeam products and perform extensive internal code audits. When a vulnerability is...

CVSS 9, AI score 9.3, EPSS 0.00588
Exploits 0
Patchstack
added 2025/01/31 9:45 a.m., 5 views

WordPress WP Sessions Time Monitoring Full Automatic Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin WP Sessions Time Monitoring Full Automatic versions <= 1.1.1...

CVSS 7.1, AI score 6.1, EPSS 0.00246
Exploits 0, Affected Software 1
Tenable Nessus
added 2025/01/25 12:0 a.m., 15 views

Fedora 41 : buildah / containers-common / podman (2025-908dfe95f6)

The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-908dfe95f6 advisory. Security fix for CVE-2024-11218 - fixed in buildah 1.38.1, podman 5.3.2 Automatic update for buildah-1.38.1-1.fc41, containers-common-0.61.1-1.fc41,...

CVSS 8.6, AI score 7.4, EPSS 0.00358
Exploits 0, References 2
Microsoft KB
added 2025/01/14 8:0 a.m., 87 views

Description of the security update for Office 2016: January 14, 2025 (KB5002675)

Description of the security update for Office 2016: January 14, 2025 (KB5002675). Summary: This security update resolves a Microsoft Office security feature bypass vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-21346. Note: To apply...

CVSS 7.8, AI score 8.7, EPSS 0.00659
Exploits 0
Fedora
added 2025/01/12 1:43 a.m., 7 views

[SECURITY] Fedora 40 Update: suricata-7.0.8-1.fc40

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

AI score 7.2
Exploits 0
Tenable Nessus
added 2025/01/07 12:0 a.m., 19 views

Security Updates for Microsoft Access Products C2R (December 2024)

The Microsoft Access Products are missing a security update. It is, therefore, affected by a security vulnerability that could allow arbitrary code to run when a maliciously modified file is opened. Note that Nessus has not tested for these issues but has instead relied only on the application's...

CVSS 7.8, AI score 8.6, EPSS 0.01029
Exploits 0, References 4
The Hacker News
added 2025/01/03 6:49 a.m., 6 views

Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption

Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. "We expect that most users will not be directly affected, however, it is critical that you validate i...

AI score 7
Exploits 0
Github Security Blog
added 2024/12/30 4:46 p.m., 17 views

Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Impact: A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...

CVSS 5.7, AI score 6.9, EPSS 0.00209
Exploits 0, References 4, Affected Software 1
Cvelist
added 2024/12/28 9:46 a.m., 13 views

CVE-2024-56693 brd: defer automatic disk creation until module initialization succeeds

In the Linux kernel, the following vulnerability has been resolved: brd: defer automatic disk creation until module initialization succeeds My colleague Wupeng found the following problems during fault injection: BUG: unable to handle page fault for address: fffffbfff809d073 PGD 6e648067 P4D...

EPSS 0.00239
Exploits 0, References 6
GithubExploit
added 2024/12/20 7:30 a.m., 119 views

Exploit for SQL Injection in Valvepress Automatic

🛑CVE-2024-27956-for-fscan Thanks for the PoC by diego-tella...

CVSS 9.9, AI score 7.6, EPSS 0.93971
Exploits 16