4200 matches found

OSV
added 2025/02/12 5:15 p.m., 1 view

DEBIAN-CVE-2025-25184

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

CVSS 6.5, AI score 7, EPSS 0.01095
Exploits: 1, References: 1

OSV
added 2025/02/12 5:15 p.m., 2 views

UBUNTU-CVE-2025-25184

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

CVSS 7.1, AI score 6.7, EPSS 0.01095
Exploits: 1, References: 5

Cvelist
added 2025/02/07 2:8 a.m., 34 views

CVE-2025-22402

Dell Update Manager Plugin, versions 1.5.0 through 1.6.0, contains an Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

CVSS 2.6, EPSS 0.00178
Exploits: 0, References: 1

RedhatCVE
added 2025/02/06 12:7 a.m., 8 views

CVE-2022-47320

The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes...

CVSS 8.1, AI score 6.5, EPSS 0.00506
Exploits: 0

RedhatCVE
added 2025/02/05 10:48 p.m., 57 views

CVE-2022-36970

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

CVSS 7.8, AI score 6.8, EPSS 0.00647
Exploits: 0

OSSF Malicious Packages
added 2025/02/05 10:4 p.m., 4 views

Malicious code in lightgboost (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 03aea882aa08832e53ccfb267fe4b95c9ea4f24ea51ceeaaa4a85557e67ce15b Packages are designed to collect basic info about the user when importing them, and have no other purpose. While they claim to do so, some packages from the sa...

AI score 7.1
Exploits: 0, References: 1

OSV
added 2025/02/05 10:4 p.m., 3 views

MAL-2025-191766 Malicious code in inkpy-jinja (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c230bd12491edc91bbbc1080b2d650c4889a8b9269b85a346839a32900bfad2b Packages are designed to collect basic info about the user when importing them, and have no other purpose. While they claim to do so, some packages from the sa...

AI score 7
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 3:49 a.m., 11 views

CVE-2024-27993

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in typps Calendarista Basic Edition calendarista-basic-edition. This issue affects Calendarista Basic Edition: from n/a through = 3.0.2...

CVSS 7.1, AI score 7.2, EPSS 0.00373
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 12:10 a.m., 4 views

CVE-2024-4230

External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure,...

CVSS 7.8, AI score 6.9, EPSS 0.00218
Exploits: 0, References: 1

BDU FSTEC
added 2025/02/03 12:0 a.m., 5 views

The vulnerability of the Basic HTTP Authentication module in Drupal CMS systems allows attackers to circumvent existing security restrictions.

The vulnerability of the Basic HTTP Authentication module in Drupal CMS systems is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

CVSS 7.5, AI score 5.4, EPSS 0.00311
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/01/30 2:15 p.m., 2 views

CVE-2024-13715

The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstoreclearcache function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3, AI score 5.8, EPSS 0.00221
Exploits: 0, References: 2

Patchstack
added 2025/01/30 7:43 a.m., 3 views

WordPress zStore Manager Basic plugin <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache Clearing vulnerability

Missing Authorization to Authenticated Subscriber+ Cache Clearing vulnerability discovered by Peter Thaleikis in WordPress Plugin zStore Manager Basic versions = 3.311...

CVSS 4.3, AI score 7, EPSS 0.00221
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/01/30 12:0 a.m., 2 views

WordPress plugin zStore Manager Basic security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3, AI score 8.1, EPSS 0.00221
Exploits: 0, References: 2

Positive Technologies
added 2025/01/30 12:0 a.m., 4 views

PT-2025-2254 · WordPress · Zstore Manager Basic

Name of the Vulnerable Software and Affected Versions: zStore Manager Basic plugin for WordPress versions up to, and including, 3.311 Description: The issue is related to a missing capability check on the zstore clear cache function, which allows authenticated attackers with Subscriber-level acce...

CVSS 4.3, AI score 8.9, EPSS 0.00221
Exploits: 0, References: 8

Positive Technologies
added 2025/01/27 12:0 a.m., 4 views

PT-2025-2797 · Edimax · Edimax Ac1200 Wi-Fi 5 Dual-Band Router Br-6476Ac

Name of the Vulnerable Software and Affected Versions: Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC version 1.06 Description: The issue is related to a buffer overflow that can occur through the /goform/getWifiBasic API endpoint. This endpoint is vulnerable to a buffer overflow, which can be...

CVSS 8.8, AI score 7.1, EPSS 0.0046
Exploits: 1, References: 5

SUSE CVE
added 2025/01/25 3:46 a.m., 2 views

SUSE CVE-2025-24355

Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...

CVSS 7.1, AI score 7, EPSS 0.00224
Exploits: 0, References: 4

OSV
added 2025/01/24 6:45 p.m., 6 views

GHSA-V34R-VJ4R-38J6 Updatecli exposes Maven credentials in console output

Summary Private maven repository credentials leaked in application logs in case of unsuccessful retrieval operation. Details During the execution of an updatecli pipeline which contains a maven source configured with basic auth credentials, the credentials are being leaked in the application...

CVSS 7.1, AI score 7, EPSS 0.00224
Exploits: 0, References: 5

Positive Technologies
added 2025/01/24 12:0 a.m., 3 views

PT-2025-5338 · Updatecli +2 · Updatecli +2

Name of the Vulnerable Software and Affected Versions: Updatecli versions prior to 0.93.0 Description: The issue concerns the leakage of private Maven repository credentials in application logs when an updatecli pipeline execution fails. This occurs when the pipeline contains a maven source...

CVSS 8.9, AI score 6.4, EPSS 0.0104
Exploits: 2, References: 93

Vulnrichment
added 2025/01/16 8:7 p.m., 6 views

CVE-2025-23919 WordPress Slides & Presentations Plugin <= 0.0.39 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Ella Van Durpe Slides & Presentations slide allows Code Injection. This issue affects Slides & Presentations: from n/a through = 0.0.39...

CVSS 5.4, AI score 7.3, EPSS 0.00504
Exploits: 0, References: 1

OSV
added 2025/01/14 3:15 p.m., 3 views

CVE-2024-39603

A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 7.2, AI score 7.8
Exploits: 0, References: 2