689 matches found
CVE-2019-12357
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php when the attacker has admin authority via the id parameter...
CVE-2025-15186
A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-68741
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...
CVE-2023-54159
In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu-lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it m...
SUSE: Security Advisory (SUSE-SU-2025:4506-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-52616
TRC analysis shows attackers chaining authentication bypass CVE-2025-67039 with OS command injection flaws to gain root access on Lantronix devices. Root compromise enables lateral movement across network infrastructure. Runtime segmentation helps contain post-compromise pivoting in critical...
CVE-2025-14885
creationtimestamp| type| source ---|---|--- 2025-12-18 20:33:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mabzjy6dzz2c...
CVE-2025-14832 itsourcecode Online Cake Ordering System updateproduct.php sql injection
A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicl...
CVE-2025-67950
CVE-2025-67950 affects the WordPress All In One SEO Pack plugin (versions up to 4.9.1). The Red Hat/NVD/Patchstack entries describe an SQL injection vulnerability due to improper input handling that enables blind SQL injection with authenticated access (Contributor+) and high impact (C/H/I/H/A). ...
WordPress Events Manager – Calendar, Bookings, Tickets, and more! plugin <= 7.2.2.2 - Cross-Site Request Forgery to Location Deletion vulnerability
Cross-Site Request Forgery to Location Deletion vulnerability discovered by thinnawarth mathuros in WordPress Plugin Events Manager versions = 7.2.2.2...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager. Most of the fixed vulnerabilities involve Cross-Site Scripting XSS, which can lead to execution of arbitrary code or increase user privileges. This does require user interaction. The vulnerability with reference CVE-2025-64540 concerns ...
CVE-2025-40334
Summary: CVE-2025-40334 concerns the Linux kernel subsystem for AMD GPUs (drm/amdgpu). The issue is that the code path validating the userq object’s virtual address and size could permit operating on a user/qr virtual address that is not guaranteed to be resident in a valid VM mapping. The connec...
CVE-2025-13748 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...
CVE-2025-65944 vulnerabilities
Vulnerabilities for packages: langfuse...
CVE-2025-59491
Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields...
Siemens SIMATIC Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-42292)
In the Linux kernel, the following vulnerability has been resolved: kobjectuevent: Fix OOB access within zapmodaliasenv zapmodaliasenv wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed b...
EUVD-1999-0335
Malware in sbrugna...
EUVD-2001-1102
Malware in sbrugna...
EUVD-2000-0739
Malware in sbrugna...
DEBIAN-CVE-2025-11277
A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit...