CVE-2026-25705

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

Astra Linux - уязвимость в qemu

A bug in QEMU could cause a guest I/O operation that is normally directed to an arbitrary disk offset to be directed instead to offset 0. This could potentially overwrite the VM’s boot code. For example, this could be exploited by L2 guests who have a virtual disk vdiskL2 stored on the virtual di...

CVE-2026-3772

The CVE-2026-3772 entry concerns the WP Editor WordPress plugin. A CSRF vulnerability exists in all versions up to and including 1.2.9.2 due to missing nonce verification in the add_plugins_page and add_themes_page functions. This can allow unauthenticated attackers to overwrite arbitrary plugin ...

Path traversal, lead to arbitrary file write, lead to remote code execution

Description Anythingllm use multer library to handle http multi-part file upload. Anything llm use the following code to handle non-ascii file name file.originalname = Buffer.fromfile.originalname, "latin1".toString "utf8" ; This way of manipulating filename is will lead to path traversal. multer...

Numbas < v7.3 - Remote Code Execution Exploit

Exploit Title: Numbas v7.3 - Remote Code Execution Exploit Author: Matheus Boschetti Vendor Homepage: https://www.numbas.org.uk/ Software Link: https://github.com/numbas/Numbas Version: 7.2 and below Tested on: Linux CVE: CVE-2024-27612 import sys, requests, re, argparse, subprocess, time from bs...

Numbas &lt; v7.3 - Remote Code Execution

Exploit Title: Numbas v7.3 - Remote Code Execution Google Dork: N/A Date: March 7th, 2024 Exploit Author: Matheus Boschetti Vendor Homepage: https://www.numbas.org.uk/ Software Link: https://github.com/numbas/Numbas Version: 7.2 and below Tested on: Linux CVE: CVE-2024-27612 import sys, requests,...

Medium: qemu

Issue Overview: A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L...

AZL-35596 CVE-2023-5088 affecting package qemu for versions less than 6.2.0-21

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

CVE-2023-5088 Qemu: improper ide controller reset can lead to mbr overwrite

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

QEMU Security Vulnerabilities

QEMU is a suite of simulation processor software by Fabrice Bellard, an individual developer in France. The software is fast and cross-platform. hyper is a fast, correct HTTP implementation of Rust open-sourced by hyperium. QEMU suffers from a security vulnerability that stems from the possibilit...

Important: firefox

Issue Overview: The Mozilla Foundation describes this issue as follows: Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. CVE-2023-25751 The Mozilla Foundation describes...

CVE-2023-25751

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

CVE-2023-25751

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

Mozilla: Incorrect code generation during JIT compilation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. The newly generated code could be overwritten incorrectly, leading to a potentially exploitable crash...

Mozilla: Incorrect code generation during JIT compilation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. The newly generated code could be overwritten incorrectly, leading to a potentially exploitable crash...

Mozilla: Incorrect code generation during JIT compilation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. The newly generated code could be overwritten incorrectly, leading to a potentially exploitable crash...

SUSE CVE-2023-25751

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

CVE-2023-25751

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

GSD-2022-1000556 net/smc: Avoid overwriting the copies of clcsock callback functions

net/smc: Avoid overwriting the copies of clcsock callback functions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.11 by commit...

CVE-2021-24220

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...