Prototype Pollution
json-schema-editor-visual is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of user-supplied input in the setData and deleteData functions, which allows an attacker to supply a crafted payload to inject or delete properties on Object.prototype, potentially...
py-pdfminer.six -- Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
Pieter Marsman reports: pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six...
EUVD-2023-41642
Malicious code in bioql PyPI...
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
...
PT-2025-34511 · WordPress · Restore Permanently Delete Post/Page Data
Name of the Vulnerable Software and Affected Versions: Restore Permanently delete Post or Page Data plugin for WordPress version 1.0 Description: The Restore Permanently delete Post or Page Data plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce...
CVE-2025-51092
The CVE-2025-51092 entry concerns the LogIn-SignUp project by VishnuSivadasVS. The underlying issue is SQL Injection due to unsafe SQL query construction in DataBase.php: logIn() and signUp() concatenate user input and unvalidated table names instead of using prepared statements. Although a prepa...
CVE-2023-21650
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length...
CVE-2020-6019
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::ReceivedData, leading to an exception thrown from libprotobuf and resulting in a crash...
PT-2025-18383 · WordPress · Wordpress Simple Shopping Cart
Name of the Vulnerable Software and Affected Versions: WordPress Simple Shopping Cart plugin versions up to, and including, 5.1.3 Description: The issue allows unauthenticated attackers to manipulate the quantity of a product to a negative number, effectively subtracting the product cost from the...
CVE-2025-3115
CVE-2025-3115 involves TIBCO Spotfire data functions with injection vulnerabilities and insufficient validation of filenames during file uploads, enabling potential arbitrary code execution. Connected sources indicate this is a high-severity issue (CVSS 3.1/4.0, CRITICAL) affecting Spotfire compo...
CVE-2023-34406
An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG New Telematics Generation 6 head units. To perform this attack, local access to USB interface of the car is needed. With prepared data, an attacker can cause the...
PT-2025-1739 · WordPress · Wp Travel
Name of the Vulnerable Software and Affected Versions: WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress versions prior to 10.0.1 Description: The issue is related to SQL Injection via the booking itinerary parameter of the wptravel get booking data function...
PT-2025-5654 · Git +1 · Opencv
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash has been reported, classified as an UNKNOWN READ. The crash state involves several functions: png_free_data, png_destroy_info_struct, and png...
PT-2024-36476 · Rhymix · Rhymix
Name of the Vulnerable Software and Affected Versions: Rhymix version 2.1.19 Description: The issue is related to Server-Side Request Forgery (SSRF) in the background import data function. This means that an attacker could potentially forge requests from the server, leading to unauthorized access t...
CVE-2024-55089
Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities...
PT-2024-37783 · WordPress · Bookingpress – Appointment Booking Calendar Plugin/Online Scheduling Plugin
Name of the Vulnerable Software and Affected Versions: The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows unauthorized modification of data, leading to privilege escalation due...
DEBIAN-CVE-2024-40992
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...
PT-2024-30599 · WordPress · Block Bad Bots/Stop Bad Bots Crawlers/Spiders/Anti Spam Protection
Name of the Vulnerable Software and Affected Versions: The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress versions up to, and including, 10.24 Description: The issue is related to unauthorized access of data due to a missing capability check on...
PT-2024-21746 · Google · Android
Name of the Vulnerable Software and Affected Versions: TBD affected versions not specified Description: The issue is related to a possible out of bounds write due to a missing bounds check in the init data function. This could lead to local escalation of privilege with no additional execution...
WordPress Plugin Eventin Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. A WordPress plugin is an application...