
17 matches found

CNNVD
added 2026/04/08 12:0 a.m. · 5 views

WordPress plugin Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS 8.8 · AI score 5.8 · EPSS 0.00009
Exploits: 0 · References: 2
Cvelist
added 2026/04/07 7:56 p.m. · 13 views

CVE-2025-14857 Semtech LR11xx Memory Write Access Control Bypass

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

CVSS 5.4 · EPSS 0.00028
Exploits: 1 · References: 1
Cvelist
added 2026/03/27 8:10 a.m. · 32 views

CVE-2026-24031

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits...

CVSS 7.7 · EPSS 0.00034
Exploits: 0 · References: 1
UbuntuCve
added 2025/12/16 2:15 p.m. · 2 views

CVE-2025-40360

In the Linux kernel, the following vulnerability has been resolved: drm/sysfb: Do not dereference NULL pointer in plane reset The plane state in drmgemresetshadowplane can be NULL. Do not deref that pointer, but forward NULL to the other plane-reset helpers. Clears plane-state to NULL. v2: - fix...

AI score 5.9 · EPSS 0.00058
Exploits: 0 · References: 33
Tenable Nessus
added 2025/08/11 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2024-26625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llc: call sock_orphan at release time syzbot reported an interesting trace 1 caused by a stale sk->sk_wq pointer in a closed llc socket. In commit ff7b11aa481f net...

CVSS 7.8 · AI score 6.6 · EPSS 0.00013
Exploits: 0 · References: 2
OSSF Malicious Packages
added 2025/07/15 9:15 a.m. · 2 views

Malicious code in ecinc-cloud-moaxmpp (npm)

Package exhibits multiple malicious behaviors: Office doc access/encryption, DB interaction, local storage clearing, arbitrary code execution, /dev/shm ref. The code includes a native bridge that allows it to execute arbitrary SQL queries on a mobile device’s database when used within a specific...

AI score 8.1
Exploits: 0 · References: 1
OpenVAS
added 2025/05/07 12:0 a.m. · 1 views

Ensure That a User Is Locked After a Specified Number of Login Failures

If a user fails to log in to the system for a specified number of consecutive times, the system locks the user. That is, the user is not allowed to log in to the system for a specified period of time to prevent malicious system password cracking. During the lockout period, any input is considered...

AI score 7
Exploits: 0 · References: 4
OSV
added 2025/03/10 4:28 p.m. · 2 views

CLSA-2025-1741624133 kernel: Fix of 5 CVEs

HID: core: zero-initialize the report buffer CVE-2024-50302 - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read" - drm/amd/amdgpu: Fix GPR read from debugfs v2 CVE-2024-50282 - USB: serial: io_edgeport: fix use after free in debug printk CVE-2024-50267 - wifi: iwlegacy: Clear...

CVSS 7.8 · AI score 7.1 · EPSS 0.02559
Exploits: 0 · References: 1
OSV
added 2024/09/27 11:9 a.m. · 3 views

OESA-2024-2174 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request...

CVSS 8.2 · AI score 7 · EPSS 0.75933
Exploits: 2 · References: 5
Packet Storm
added 2024/09/01 12:0 a.m. · 1059 views

Dahua DVR Authentication Bypass Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule %qDahua DVR Auth Bypass Scanner, 'Description' = %qScans for Dahua-based DVRs and then grabs settings. Optionally resets a user's password and...

CVSS 7.5 · AI score 7 · EPSS 0.8998
Exploits: 6
OSSF Malicious Packages
added 2024/06/25 1:33 p.m. · 3 views

Malicious code in clears (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
OSV
added 2024/06/25 1:33 p.m. · 4 views

MAL-2024-4894 Malicious code in clears (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0
OSV
added 2023/11/29 11:15 p.m. · 1 views

UBUNTU-CVE-2023-40458

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service DoS condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device...

CVSS 7.5 · AI score 5.8 · EPSS 0.00021
Exploits: 0 · References: 3
Positive Technologies
added 2023/06/15 12:0 a.m. · 4 views

PT-2023-20812 · Unknown · Efr32 Bluetooth Le Stack

Name of the Vulnerable Software and Affected Versions: EFR32 Bluetooth LE stack versions 5.1.0 through 5.1.1 Description: A memory leak in the EFR32 Bluetooth LE stack allows an attacker to send an invalid pairing message, causing future legitimate connection attempts to fail. The error is...

CVSS 6.5 · AI score 7.2 · EPSS 0.00038
Exploits: 0 · References: 4
CNNVD
added 2022/04/27 12:0 a.m. · 1 views

Bender ebee Charge Controller Security Vulnerability

The ebee is a charge controller from Bender. A security vulnerability exists in the Bender ebee Charge Controller that stems from an unprotected data export. The backup export is protected by a random key. The key is set at user login. It is empty after a reboot. An attacker can exploit this...

CVSS 8.6 · AI score 8 · EPSS 0.0028
Exploits: 0 · References: 2
Kitploit
added 2021/02/21 11:30 a.m. · 114 views

PE-Packer - A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly

PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry...

AI score 7.4
Exploits: 0 · References: 2
Positive Technologies
added 2020/05/11 12:0 a.m. · 4 views

PT-2020-6574

Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.x through 2.7.17 Ansible Engine versions 2.8.x through 2.8.11 Ansible Engine versions 2.9.x through 2.9.7 Ansible Tower versions 3.4.5 and earlier Ansible Tower versions 3.5.5 and earlier Ansible Tower versions 3.6....

CVSS 6.8 · AI score 7.3 · EPSS 0.00205
Exploits: 0 · References: 169