NetApp StorageGRID 安全漏洞

NetApp StorageGRID is a object storage solution developed by the American network device company NetApp. Versions of NetApp StorageGRID prior to 11.9.0.12 and 12.0.0.4 contained security vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability when...

CVE-2025-7384

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2025-6379

The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handlelivefn function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the...

PT-2025-20705 · Toolhive · Toolhive

Name of the Vulnerable Software and Affected Versions: ToolHive versions prior to 0.0.33 Description: The issue arises from the ordering of code used to start a Model Context Protocol MCP server container in ToolHive, inadvertently storing secrets in run config files. This allows an attacker with...

CVE-2024-7856

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles function and insufficient path validation on the 'file' parameter in all versions up to, and...

CVE-2019-16867

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. If the attacker deletes config.php and visits install/index.php, they can reinstall the product...