Lucene search

3096 matches found

Cvelist
added 2025/03/22 6:41 a.m. | 10 views

CVE-2025-2478 Code Clone <= 0.9 - Authenticated (Administrator+) SQL Injection via snippetId Parameter

The Code Clone plugin for WordPress is vulnerable to time-based SQL Injection via the ‘snippetId’ parameter in all versions up to, and including, 0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 4.9 | EPSS 0.00102
Exploits: 0 | References: 3
CNNVD
added 2025/03/22 12:0 a.m. | 2 views

WordPress plugin Code Clone SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exists i...

CVSS 4.9 | AI score 9.3 | EPSS 0.00102
Exploits: 0 | References: 4
Patchstack
added 2025/03/21 7:55 p.m. | 3 views

WordPress Code Clone plugin <= 0.9 - Authenticated (Administrator+) SQL Injection via snippetId Parameter vulnerability

Authenticated Administrator+ SQL Injection via snippetId Parameter vulnerability discovered by Hoang Phuc Vo HrxKnight in WordPress Plugin Code Clone versions = 0.9...

CVSS 4.9 | AI score 9.5 | EPSS 0.00102
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/03/20 12:0 a.m. | 2 views

LibreChat access control error vulnerability

LibreChat is an enhanced ChatGPT clone. LibreChat suffers from an Improper Access Control vulnerability that can be exploited by an attacker to corrupt application logic and permissions and allow unauthorized operations...

CVSS 5.4 | AI score 6.8 | EPSS 0.00077
Exploits: 1 | References: 2
SUSE CVE
added 2025/03/15 4:0 a.m. | 1 views

SUSE CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...

CVSS 6.5 | AI score 6.7 | EPSS 0.00275
Exploits: 0 | References: 7
OSV
added 2025/03/13 5:15 p.m. | 4 views

DEBIAN-CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...

CVSS 6.5 | AI score 5.6 | EPSS 0.00275
Exploits: 0 | References: 1
CVE
added 2025/03/13 4:40 p.m. | 251 views

CVE-2025-1767

CVE-2025-1767 affects Kubernetes clusters using the in-tree gitRepo volume to clone git repositories from pods on the same node. The in-tree gitRepo volume feature is deprecated and will not receive security updates upstream; clusters still using this feature remain vulnerable. The connected docu...

CVSS 6.5 | AI score 6.5 | EPSS 0.00275
Exploits: 0 | References: 3
GithubExploit
added 2025/03/06 10:24 a.m. | 583 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002 RCE PoC Overview This repository contains...

CVSS 9 | AI score 8.5 | EPSS 0.82951
Exploits: 32
CNNVD
added 2025/03/06 12:0 a.m. | 1 views

GitLab Enterprise Edition and GitLab Community Edition security vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition and GitLab Community...

CVSS 4.2 | AI score 6.3 | EPSS 0.00101
Exploits: 1 | References: 3
SUSE CVE
added 2025/02/27 3:13 a.m. | 1 views

SUSE CVE-2022-49052

In the Linux kernel, the following vulnerability has been resolved: mm: fix unexpected zeroed page mapping with zram swap. Two processes under CLONE_VM cloning, user process can be corrupted by seeing zeroed page unexpectedly. CPU A CPU B do_swap_page do_swap_page SWP_SYNCHRONOUS_IO path SWP_SYNCHRONOUS_IO...

CVSS 5.5 | AI score 6.1 | EPSS 0.0001
Exploits: 0 | References: 3
SUSE CVE
added 2025/02/27 3:9 a.m. | 1 views

SUSE CVE-2022-49275

In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_tx_handler(): fix use after free of skb. can_put_echo_skb() will clone skb then free the skb. Move the can_put_echo_skb() for the m_can version 3.0.x directly before the start of the xmit in hardware, similar to the 3.1.x branch...

CVSS 7.8 | AI score 6.5 | EPSS 0.00019
Exploits: 0 | References: 11
OSV
added 2025/02/26 7:1 a.m. | 1 views

UBUNTU-CVE-2022-49275

In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_tx_handler(): fix use after free of skb. can_put_echo_skb() will clone skb then free the skb. Move the can_put_echo_skb() for the m_can version 3.0.x directly before the start of the xmit in hardware, similar to the 3.1.x branch...

CVSS 7.8 | AI score 6.1 | EPSS 0.00019
Exploits: 0 | References: 12
OSV
added 2025/02/26 7:0 a.m. | 1 views

DEBIAN-CVE-2022-49052

In the Linux kernel, the following vulnerability has been resolved: mm: fix unexpected zeroed page mapping with zram swap. Two processes under CLONE_VM cloning, user process can be corrupted by seeing zeroed page unexpectedly. CPU A CPU B do_swap_page do_swap_page SWP_SYNCHRONOUS_IO path SWP_SYNCHRONOUS_IO...

CVSS 5.5 | AI score 5.3 | EPSS 0.0001
Exploits: 0 | References: 1
OSV
added 2025/02/26 7:0 a.m. | 0 views

UBUNTU-CVE-2022-49052

In the Linux kernel, the following vulnerability has been resolved: mm: fix unexpected zeroed page mapping with zram swap. Two processes under CLONE_VM cloning, user process can be corrupted by seeing zeroed page unexpectedly. CPU A CPU B do_swap_page do_swap_page SWP_SYNCHRONOUS_IO path SWP_SYNCHRONOUS_IO...

CVSS 5.5 | AI score 5.8 | EPSS 0.0001
Exploits: 0 | References: 9
OSSF Malicious Packages
added 2025/02/25 6:18 p.m. | 3 views

Malicious code in time-check-server-get (PyPI)

Source: kam193 25b39f6b89687636c8f9e90e3c326bcfb64ecbfa2594850247d4d2e9646b9257 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

AI score 7.2
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2025/02/25 6:18 p.m. | 4 views

Malicious code in tcloud-python-sdks (PyPI)

Source: kam193 601415ac1e4afe43331c4b78d99e406f34b4a970a365a366cdc0598c5cb22f9c This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

AI score 7.2
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2025/02/25 6:18 p.m. | 3 views

Malicious code in time-server-analysis (PyPI)

Source: kam193 5f796bcefeb9b8d3af4bde36c54545d77afdcd6b63284ae58b0a6078b0bbb561 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

AI score 7.2
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2025/02/25 6:18 p.m. | 4 views

Malicious code in acloud-clients (PyPI)

Source: kam193 89813876cca364b0dffda624005d527aa3c9f54ea7ce20af8186faf8f374ba6f This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

AI score 7.2
Exploits: 0 | References: 4
OSV
added 2025/02/25 6:18 p.m. | 1 views

MAL-2025-191677 Malicious code in alicloud-client-sdk (PyPI)

Source: kam193 59563b61e548ff83488a4940e0511825ebf1a2d0995c83e0056e07fd7a4bd782 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

AI score 7.2
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2025/02/25 6:18 p.m. | 4 views

Malicious code in alicloud-client-sdk (PyPI)

Source: kam193 59563b61e548ff83488a4940e0511825ebf1a2d0995c83e0056e07fd7a4bd782 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

AI score 7.2
Exploits: 0 | References: 4