
9 matches found

Nuclei
added 16 hours ago, 37 views

SEOPress < 7.9 - Authentication Bypass

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present. id:...

CVSS 9.8 | AI score 5.7 | EPSS 0.71855
Exploits: 1 | References: 4

Nuclei
added 16 hours ago, 44 views

Ray Static File - Local File Inclusion

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. id: CVE-2023-6020 info: name: Ray Static File - Local File Inclusion author: byt3bl33d3r severity: high description: | LFI in Ray's /static/ directory allows attackers to read any file on the...

CVSS 7.5 | AI score 7.3 | EPSS 0.81449
Exploits: 3 | References: 2

Nuclei
added yesterday, 22 views

AnteeoWMS < v4.7.34 - SQL Injection

A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB. id: CVE-2024-44349 info: name: AnteeoWMS v4.7.34 - SQL Injection author:...

CVSS 9.8 | AI score 6.1 | EPSS 0.76195
Exploits: 1 | References: 2

OpenVAS
added 2025/05/07 12:0 a.m., 16 views

Ubuntu: Security Advisory (USN-7496-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 8.7 | EPSS 0.00043
Exploits: 3 | References: 2

NVD
added 2023/10/17 10:15 p.m., 17 views

CVE-2023-22101

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...

CVSS 8.1 | AI score 8 | EPSS 0.00279
Exploits: 0 | References: 1

OSV
added 2023/06/16 7:36 p.m., 26 views

GHSA-96XV-RMWJ-6P9W Grav Server-side Template Injection (SSTI) via Twig Default Filters

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection SSTI via Insufficient Validation in filterFilter Summary: | Product | Grav CMS | | ----------------------- | --------------------------------------------...

CVSS 7.2 | AI score 7.9 | EPSS 0.00529
Exploits: 1 | References: 9

OSV
added 2022/04/11 9:18 p.m., 57 views

GHSA-CRJR-9RC5-GHW8 Nokogiri Inefficient Regular Expression Complexity

Summary Nokogiri = 1.13.4. Severity The Nokogiri maintainers have evaluated this as High Severity 7.5 CVSS3.1. References CWE-1333 Inefficient Regular Expression Complexity Credit This vulnerability was reported by HackerOne user oooooooq ななおく...

CVSS 7.5 | AI score 7.4 | EPSS 0.01827
Exploits: 0 | References: 15

CVE
added 2022/01/06 3:26 p.m., 65 views

CVE-2021-46072

CVE-2021-46072 affects Vehicle Service Management System 1.0, with a stored cross-site scripting (XSS) vulnerability in the Service List section of the login panel. The issue arises from insufficient input filtering/escaping, enabling attacker-supplied payloads to be stored and later executed by ...

CVSS 4.8 | AI score 4.8 | EPSS 0.05674
Exploits: 1 | References: 2 | Affected Software: 1

FireEye
added 2021/08/17 12:0 p.m., 109 views

Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices

Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency “CISA” that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020,...

CVSS 7.6 | AI score 8.5 | EPSS 0.00906
Exploits: 1 | References: 11