49 matches found
CVE-2021-47936
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system...
Exploit for CVE-2025-4396
CVE-2025-4396 - WordPress Relevanssi Time-Based Blind SQL Inje...
CVE-2025-6919
The CVE-2025-6919 entry describes an SQL Injection in Aykome License Tracking System (Cats Information Technology Software Development Technologies). Affected: License Tracking System before version dated 06.10.2025. Root cause: improper neutralization of special elements in SQL commands. Impact ...
CVE-2025-6919 SQLi in Cats Informatics' Aykome
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection. This issue affects Aykome License Tracking System: before Version dated 06.10.2025...
EUVD-2025-4841
Malicious code in bioql PyPI...
CTFium
This is a collection of CTF (Capture The Flag) writeups by PersianCats. It is a repository of technical writeups for various CTF challenges from different events. The writeups cover a range of topics, including exploitation of vulnerabilities, reverse engineering, and binary analysis. The repositor...
CVE-2024-13577
The CATS Job Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13577
CVE-2024-13577 — CATS Job Listings (WordPress) stored XSS. The WordPress plugin is vulnerable via the catsone shortcode, allowing stored cross-site scripting in all versions up to 2.0.9 due to insufficient input sanitization and output escaping for user-provided attributes. An authenticated atta...
CVE-2024-13577 CATS Job Listings <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CATS Job Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin CATS Job Listings cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress CATS Job Listings plugin <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin CATS Job Listings (versions <= 2.0.9)...
Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery
Overview: Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability (CWE-352). Yoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...
Malicious code in sap-cats (npm)
Source: ossf-package-analysis (01665862aab373cb3718450061593c791128c0165f161a7105a72e3808845186). The OpenSSF Package Analysis project identified 'sap-cats' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: kfence: fix memory leak when cat kfence objects. Hulk robot reported a kmemleak problem: unreferenced object 0xffff93d1d8cc02e8 size 248: comm "cat", pid 23327, jiffies 4624670141 age 495992.217s hex dump first 32 bytes: 00 40 85 ...
Stack overflow
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...