45 matches found
CVE-2026-7614
The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...
BIT-NIFI-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...
Apache NiFi Security Vulnerability
Apache NiFi is a data processing and distribution system developed by the Apache Foundation in the United States. This system is primarily used for data routing, transformation, and intermediate logic within the system. There are security vulnerabilities in Apache NiFi versions 1.1.0 to 2.7.2...
KubeVirt Guest Agent DoS via Excessive Network Interface Reports
A flaw was found in KubeVirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...
CVE-2025-14525
A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...
CVE-2025-14525 Kubevirt: kubevirt: vm administration denial of service via guest agent
A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...
SQL Injection
phpMyFAQ is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of inputs in the main configuration update functionality, which allows a privileged attacker with configuration edit permissions to execute arbitrary SQL commands and compromise the database...
WordPress Popover Windows plugin <= 1.2 - Cross-Site Request Forgery to Arbitrary Popover Configuration Update vulnerability
Cross-Site Request Forgery to Arbitrary Popover Configuration Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Popover Windows versions <= 1.2...
EUVD-2019-10319
Malware in sbrugna...
EUVD-2021-1224
Malware in sbrugna...
CVE-2024-58132
CVE-2024-58132 affects chainmaker-go (ChainMaker) up to version 2.3.6, where multiple configuration updates on a single node can trigger concurrent reads/writes on a map, causing a panic. Public sources corroborate the issue across multiple catalogs (NVD/Red Hat/CIRCL), with the root cause descri...
CVE-2024-58132
In chainmaker-go aka ChainMaker before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a panic...
CVE-2025-27098 Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler in graphql-mesh
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...
Lunary Access Control Error Vulnerability
Lunary is an open-source production toolkit for LLMs. An access control error vulnerability exists in Lunary that stems from not properly restricting permissions to update the SAML configuration. An attacker could use this vulnerability to modify the authentication process and steal user...
CVE-2024-45334
Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions...
Trend Micro Antivirus One Security Vulnerability
Trend Micro Antivirus One is an antivirus software from Trend Micro. A security vulnerability exists in Trend Micro Antivirus One version 3.10.4 and prior versions, which stems from vulnerability to an arbitrary configuration update attack that could allow unauthorized access to product...
Honeywell UOC Security Vulnerability
Honeywell UOC is a unit operation controller from Honeywell USA. A security vulnerability exists in the Honeywell UOC that stems from allowing a file to be written that could result in unexpected behavior based on configuration changes or file updates...
A hacker can front-run the owner of a PrivatePool to drain the pool
Lines of code Vulnerability details Impact A hacker can sandwich calls to setVirtualReserves or setMerkleRoot in a private pool and make an instant profit at the expense of the owner. For example, the hacker sees that there is a setVirtualReserves transaction in the mempool that will make the NF...
The new Spring Boot version validation and upgrade support in Spring Tools
New releases of Spring Boot are being released on a quite frequent schedule and updating your projects to newer versions of Spring Boot is something that many teams and organizations around the globe do as part of their daily work. Sometimes those upgrades are simple and easy, for example for new...