
41 matches found

Positive Technologies
•added 2026/06/15 12:0 a.m.•10 views

PT-2026-49212

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs...

5.3 CVSS • 5.1 AI score • 0.00106 EPSS
Exploits 0 • References 3
CVE
•added 2026/03/03 10:48 p.m.•24 views

CVE-2026-27932

CVE-2026-27932 affects the Python library joserfc (1.6.2 and earlier). The root cause is an unbounded PBES2 Count (p2c) value read from a JWE protected header, which allows an attacker to trigger CPU exhaustion and Denial of Service by forcing extremely high PBKDF2 iteration counts. Impact is at ...

7.5 CVSS • 6 AI score • 0.00432 EPSS
Exploits 2 • References 2 • Affected Software 1
RedhatCVE
•added 2026/01/09 12:8 p.m.•6 views

CVE-2018-18530

ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...

9.8 CVSS • 8.1 AI score • 0.01202 EPSS
Exploits 1 • References 1
RedhatCVE
•added 2025/11/22 8:35 a.m.•7 views

CVE-2025-11763

The Display Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'columncount' parameter in the display-pages shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS • 5.1 AI score • 0.00194 EPSS
Exploits 0 • References 1
NVD
•added 2025/11/21 8:15 a.m.•1 views

CVE-2025-11763

The Display Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'columncount' parameter in the display-pages shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS • 0.00194 EPSS
Exploits 0 • References 3
Cvelist
•added 2025/11/21 7:31 a.m.•3 views

CVE-2025-11763 Display Pages Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Display Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'columncount' parameter in the display-pages shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS • 0.00194 EPSS
Exploits 0 • References 3
Vulnrichment
•added 2025/11/21 7:31 a.m.•1 views

CVE-2025-11763 Display Pages Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Display Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'columncount' parameter in the display-pages shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS • 4.8 AI score • 0.00194 EPSS
Exploits 0 • References 3
CNNVD
•added 2025/10/26 12:0 a.m.•3 views

WordPress plugin wpForo Forum SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injection...

7.5 CVSS • 7.5 AI score • 0.00337 EPSS
Exploits 0 • References 5
EUVD
•added 2025/10/25 9:32 a.m.•5 views

EUVD-2025-35921

The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the getmembers function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'rowcount' parameters. The function blindly interpolates 'rowcount' into a...

7.5 CVSS • 6.8 AI score • 0.00337 EPSS
Exploits 0 • References 5
NVD
•added 2025/10/25 7:15 a.m.•7 views

CVE-2025-4203

The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the getmembers function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'rowcount' parameters. The function blindly interpolates 'rowcount' into a...

7.5 CVSS • 0.00337 EPSS
Exploits 0 • References 4
EUVD
•added 2025/10/07 12:30 a.m.•3 views

EUVD-2006-0482

Malware in sbrugna...

5 CVSS • 6.4 AI score • 0.01596 EPSS
Exploits 0 • References 5
EUVD
•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-7235

Malicious code in bioql PyPI...

6.3 CVSS • 6.6 AI score • 0.00714 EPSS
Exploits 0 • References 2
EUVD
•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-24004

Malicious code in bioql PyPI...

6.5 CVSS • 6.5 AI score • 0.00239 EPSS
Exploits 0 • References 3
Positive Technologies
•added 2025/09/23 12:0 a.m.•3 views

PT-2025-39144

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.17.0-rc4-00201-gd69eb204c255 and earlier. Description: A flaw exists in the Linux kernel's tracing/osnoise module, specifically within the bitmap parselist function. A null pointer dereference can occur when the count...

6.2 AI score • 0.00119 EPSS
Exploits 0 • References 5
CNNVD
•added 2025/09/15 12:0 a.m.•1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unrestricted count parameter, which could lead to a buffer overflow attack...

7.8 CVSS • 6.1 AI score • 0.0017 EPSS
Exploits 0 • References 5
RedhatCVE
•added 2025/08/10 12:15 a.m.•9 views

CVE-2025-50467

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query...

6.5 CVSS • 6.9 AI score • 0.00239 EPSS
Exploits 0 • References 1
VulnCheck KEV
•added 2025/06/05 12:0 a.m.•1 views

VulnCheck KEV: CVE-2021-45422

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. No authentication is required...

6.1 CVSS • 5.7 AI score • 0.03313 EPSS
Exploits 3 • References 1
RedhatCVE
•added 2025/05/22 5:3 a.m.•4 views

CVE-2018-18529

ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI...

9.8 CVSS • 8.1 AI score • 0.01202 EPSS
Exploits 1 • References 1
CNNVD
•added 2025/03/21 12:0 a.m.•4 views

Linksys E5600 security vulnerability

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys, Inc. A security vulnerability exists in Linksys E5600 version V1.1.0.26, which originates from a command injection vulnerability in the ptcount parameter in the runtime.pingTest function...

6.3 CVSS • 7.5 AI score • 0.00714 EPSS
Exploits 0 • References 2
Vulnrichment
•added 2025/02/26 1:56 a.m.•5 views

CVE-2022-49282 f2fs: quota: fix loop condition at f2fs_quota_sync()

In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix loop condition at f2fs_quota_sync(). cnt should be passed to sb_has_quota_active() instead of type to check active quota properly. Moreover, when the type is -1, the compiler with enough inline knowledge can discard...

5.9 AI score • 0.00241 EPSS
Exploits 0 • References 6