76 matches found
CVE-2026-8685
The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...
Wikimedia AbuseFilter č¾å „éŖčÆéčÆÆę¼ę“
Wikimedia AbuseFilter is an editing filter tool developed by the Wikimedia Foundation, designed to automatically filter and block suspicious edits, account creation, and other disruptive activities based on custom rules. Versions of Wikimedia AbuseFilter prior to 1.43.7, as well as versions 1.44....
CVE-2025-71286
The CVE-2025-71286 issue concerns the Linux kernelās ALSA SOF ipc4-topology component, where memory allocation for bytes controls was miscalculated. This could allow local memory corruption due to under-allocating space behind scontrol->ipc_control_data; fixes request allocating additional mem...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net/smc: Check the return value of sockrecvmsg when draining CLC data. When receiving a CLC message, the field fieldlength in smcclcmsghdr indicates the length of the message that should be received from the network. The value of...
PT-2026-34464
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or...
PT-2025-48405
opening the vault on a 3-year-old vulnerability: CVE-2022-35420 back in 2022, I got bored and decided to hunt for a zero-day instead of writing the red-team report. I found an unauthenticated admin takeover in a SCADA system used to control real-world physical machinery. I waited until now to...
EUVD-2022-54711
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Correct getcontroldata for non bytes payload It is possible to craft a topology where sofgetcontroldata would do out of bounds access because it expects that it is only called when the payload is bytes...
EUVD-2016-1974
Malware in sbrugna...
EUVD-2019-2499
Malware in sbrugna...
EUVD-2025-21067
Malicious code in bioql PyPI...
EUVD-2022-55381
Malicious code in bioql PyPI...
kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtwfwbtwificontrolrtwdev, para0, ¶1', which reads 5 bytes: void rtwfwbtwificontrolstruct...
kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtwfwbtwificontrolrtwdev, para0, ¶1', which reads 5 bytes: void rtwfwbtwificontrolstruct...
š GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure
GeoVision ASManager Windows Application version 6.1.2.0 suffers from a credential disclosure vulnerability. Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage:...
kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtwfwbtwificontrolrtwdev, para0, ¶1', which reads 5 bytes: void rtwfwbtwificontrolstruct...
CVE-2025-6741
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature This issue affects the following versions : Devolutions Server 2025.2.2.0 through 2025.2.4.0 Devolutions Server...
CVE-2025-2522
The Honeywell Experion PKS and OneWireless WDM contains Sensitive Information in Resource vulnerability in the component Control Data Access CDA. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in buffer reuse which may...
CVE-2025-2522
The Honeywell Experion PKS and OneWireless WDM contains Sensitive Information in Resource vulnerability in the component Control Data Access CDA. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in buffer reuse which may...
CVE-2025-27153
Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11...
UBUNTU-CVE-2025-6297
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...