1118 matches found

Vulnrichment
added 2025/01/16 8:7 p.m. · 5 views

CVE-2025-23844 WordPress Custom Widget Classes plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jamsheer K Custom Widget Classes (custom-widget-classes) allows Cross Site Request Forgery. This issue affects Custom Widget Classes: from n/a through <= 1.1...

7.1 CVSS · 7.2 AI score · 0.00197 EPSS
Exploits: 0 · References: 1
CVE
added 2025/01/16 8:7 p.m. · 46 views

CVE-2025-23844

CVE-2025-23844 is a Cross-Site Request Forgery (CSRF) vulnerability affecting wellwisher Custom Widget Classes (Custom Widget Classes) with affected versions up to 1.1. The entry lists a CVSS v3.1 base score of 7.1 (HIGH) and notes that the issue is a CSRF, but the connected Red Hat entry does no...

7.1 CVSS · 7.2 AI score · 0.00197 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/01/16 8:7 p.m. · 14 views

CVE-2025-23844 WordPress Custom Widget Classes plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jamsheer K Custom Widget Classes (custom-widget-classes) allows Cross Site Request Forgery. This issue affects Custom Widget Classes: from n/a through <= 1.1...

7.1 CVSS · 0.00197 EPSS
Exploits: 0 · References: 1
Patchstack
added 2025/01/16 6:42 p.m. · 2 views

WordPress Custom Widget Classes plugin <= 1.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Custom Widget Classes versions <= 1.1...

7.1 CVSS · 6.2 AI score · 0.00197 EPSS
Exploits: 0 · Affected Software: 1
CNNVD
added 2025/01/16 12:0 a.m. · 2 views

WordPress plugin Custom Widget Classes cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

7.1 CVSS · 8.2 AI score · 0.00197 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/16 12:0 a.m. · 2 views

PT-2025-5139 · Unknown · Wellwisher Custom Widget Classes

Name of the Vulnerable Software and Affected Versions: wellwisher Custom Widget Classes versions 1.1 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. This is a type of attack where an attacker tricks a user into performi...

7.1 CVSS · 9.3 AI score · 0.00197 EPSS
Exploits: 0 · References: 3
RedhatCVE
added 2024/12/28 3:24 a.m. · 10 views

CVE-2024-56649

In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support. Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() to configure preemptible TCs...

5.5 CVSS · 6.7 AI score · 0.00225 EPSS
Exploits: 0 · References: 4
OSV
added 2024/12/27 3:15 p.m. · 1 views

DEBIAN-CVE-2024-56649

In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support. Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() to configure preemptible TCs...

5.5 CVSS · 5.7 AI score · 0.00225 EPSS
Exploits: 0 · References: 1
OSV
added 2024/12/27 3:15 p.m. · 0 views

UBUNTU-CVE-2024-56649

In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support. Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() to configure preemptible TCs...

5.5 CVSS · 6.2 AI score · 0.00225 EPSS
Exploits: 0 · References: 20
Cvelist
added 2024/12/27 3:2 p.m. · 18 views

CVE-2024-56649 net: enetc: Do not configure preemptible TCs if SIs do not support

In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support. Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() to configure preemptible TCs...

0.00225 EPSS
Exploits: 0 · References: 3
CVE
added 2024/12/27 3:2 p.m. · 136 views

CVE-2024-56649

CVE-2024-56649 affects the Linux kernel ENETC MQPRIO offload implementation for VF (and some PFs) where enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() but VF lacks the necessary registers. This can cause a NULL hw->port dereference and a crash when configuring preemptible traffic...

5.5 CVSS · 6.4 AI score · 0.00225 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/12/27 3:2 p.m. · 7 views

CVE-2024-56649 net: enetc: Do not configure preemptible TCs if SIs do not support

In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support. Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() to configure preemptible TCs...

7.4 AI score · 0.00225 EPSS
Exploits: 0 · References: 3
OSV
added 2024/12/27 3:2 p.m. · 5 views

CVE-2024-56649 net: enetc: Do not configure preemptible TCs if SIs do not support

In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support. Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() to configure preemptible TCs...

5.5 CVSS · 6 AI score · 0.00225 EPSS
Exploits: 0 · References: 6
Debian CVE
added 2024/12/27 3:2 p.m. · 7 views

CVE-2024-56649

In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support. Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() to configure preemptible TCs...

5.5 CVSS · 5.7 AI score · 0.00225 EPSS
Exploits: 0
OSV
added 2024/12/25 12:30 p.m. · 0 views

GHSA-76H9-2VWH-W278 Apache MINA Deserialization RCE Vulnerability

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

10 CVSS · 7.6 AI score · 0.23932 EPSS
Exploits: 0 · References: 5
OSV
added 2024/12/25 10:15 a.m. · 4 views

DEBIAN-CVE-2024-52046

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

9.8 CVSS · 8.3 AI score · 0.23932 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/06 12:0 a.m. · 2 views

PT-2024-40049 · Unknown · Shared Preferences Android

Name of the Vulnerable Software and Affected Versions: shared preferences android versions prior to 2.3.4. Description: The issue arises from the serialization and deserialization of special string prefixes used to store data types that are not natively representable by the available storage...

3 CVSS · 8 AI score
Exploits: 0 · References: 4
Positive Technologies
added 2024/12/06 12:0 a.m. · 5 views

PT-2024-9311 · Dell · Dell Openmanage Server Administrator

Name of the Vulnerable Software and Affected Versions: Dell OpenManage Server Administrator versions 11.0.1.0 and prior. Description: The issue is related to improper input validation, which could be exploited by a remote low-privileged malicious user to load any web plugins or Java class. This...

8.1 CVSS · 6.7 AI score · 0.00343 EPSS
Exploits: 0 · References: 9
OSV
added 2024/12/02 2:15 p.m. · 0 views

UBUNTU-CVE-2024-53110

In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error. Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory...

5.5 CVSS · 6.5 AI score · 0.0023 EPSS
Exploits: 0 · References: 19
RedHat Linux
added 2024/11/25 12:12 a.m. · 0 views

hsqldb: Untrusted input may lead to RCE attack

A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...

9.8 CVSS · 7.8 AI score · 0.03519 EPSS
Exploits: 1 · References: 6