Lucene search

82199 matches found

OSV
added 2025/12/24 8:15 p.m., 3 views

CVE-2019-25253

KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuratio...

7.1 CVSS, 5.9 AI score
Exploits: 0, References: 3

NVD
added 2025/12/24 8:15 p.m., 4 views

CVE-2018-25129

SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like...

7.5 CVSS, 0.00308 EPSS
Exploits: 1, References: 3

NVD
added 2025/12/24 8:15 p.m., 5 views

CVE-2018-25130

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized acces...

6.8 CVSS, 0.00129 EPSS
Exploits: 1, References: 3

Vulnrichment
added 2025/12/24 7:37 p.m., 2 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

6.5 CVSS, 7.2 AI score, 0.00188 EPSS
Exploits: 1, References: 1

Cvelist
added 2025/12/24 7:28 p.m., 27 views

CVE-2019-25253 KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection

KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuratio...

7.5 CVSS, 0.00754 EPSS
Exploits: 2, References: 3

Vulnrichment
added 2025/12/24 7:27 p.m., 2 views

CVE-2018-25130 Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized acces...

6.8 CVSS, 6 AI score, 0.00129 EPSS
Exploits: 1, References: 3

Cvelist
added 2025/12/24 7:27 p.m., 26 views

CVE-2018-25130 Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized acces...

6.8 CVSS, 0.00129 EPSS
Exploits: 1, References: 3

CVE
added 2025/12/24 7:27 p.m., 6 views

CVE-2018-25130

Beward Intercom 2.3.1 contains a local credential-disclosure vulnerability: usernames and passwords stored in plaintext in BEWARD.INTERCOM.FDB can be read by a local attacker, enabling unauthorized access to IP cameras and door stations. Root cause: credentials stored in an unencrypted database f...

6.8 CVSS, 6 AI score, 0.00129 EPSS
Exploits: 1, References: 3

GithubExploit
added 2025/12/24 5:38 p.m., 232 views

Exploit for CVE-2025-68613

n8n CVE-2025-68613 Internet Scanner A Tkinter-based GUI tool...

9.9 CVSS, 6.5 AI score, 0.98011 EPSS
Exploits: 27

NVD
added 2025/12/24 1:16 p.m., 2 views

CVE-2025-68590

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot (cf7-hubspot) allows Blind SQL Injection. This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.2...

7.6 CVSS, 0.00285 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/12/24 1:10 p.m., 27 views

CVE-2025-68570 WordPress Captivate Sync plugin <= 3.2.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync (captivatesync-trade) allows Blind SQL Injection. This issue affects Captivate Sync: from n/a through <= 3.2.2...

7.6 CVSS, 0.00285 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/24 1:06 p.m., 2 views

CVE-2023-54115 pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()

In the Linux kernel, the following vulnerability has been resolved: pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db(). When nonstatic_release_resource_db() frees all resources associated with a PCMCIA socket, it forgets to free socket_data too, causing a memory leak observable with...

6.3 AI score, 0.00184 EPSS
Exploits: 0, References: 11

EUVD
added 2025/12/24 12:30 p.m., 1 view

EUVD-2025-205123

In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling. Destroying psi trigger in cgroup_file_release causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...

6.1 AI score, 0.00158 EPSS
Exploits: 0, References: 4

EUVD
added 2025/12/24 12:30 p.m., 1 view

EUVD-2025-205174

In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps. When trimming the caps and just after the 'session->s_cap_lock' is released in ceph_iterate_session_caps() the cap may be removed by another thread, and when using the stale cap...

6 AI score, 0.00168 EPSS
Exploits: 0, References: 5

CNNVD
added 2025/12/24 12:00 a.m., 3 views

WordPress plugin User Feedback security vulnerability

WordPress User Feedback plugin is a tool designed for WordPress websites to create and manage user feedback forms, surveys and contact forms. WordPress User Feedback plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL...

7.6 CVSS, 7.7 AI score, 0.00475 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/12/24 12:00 a.m., 2 views

PT-2025-53351

Name of the Vulnerable Software and Affected Versions: Beward Intercom version 2.3.1. Description: A security issue exists in Beward Intercom 2.3.1 that allows local attackers to access plain-text authentication credentials. The credentials are stored in an unencrypted database file, specifically th...

6.8 CVSS, 6.1 AI score, 0.00129 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2025/12/24 12:00 a.m., 2 views

PT-2025-53278

Name of the Vulnerable Software and Affected Versions: CRM Perks Integration for Contact Form 7 HubSpot versions through 1.4.2. Description: A flaw exists in CRM Perks Integration for Contact Form 7 HubSpot (cf7-hubspot) that allows for Blind SQL Injection. This is due to improper neutralization of...

9.8 CVSS, 7.1 AI score, 0.00285 EPSS
Exploits: 0, References: 4

CNNVD
added 2025/12/24 12:00 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a buffer space miscalculation that could lead to a buffer overflow...

6.4 AI score, 0.00258 EPSS
Exploits: 0, References: 10

CNNVD
added 2025/12/24 12:00 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of address family checking in the isotp_bind function, which could lead to binding errors...

6.1 AI score, 0.00175 EPSS
Exploits: 0, References: 6

CNNVD
added 2025/12/24 12:00 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of boundary checking, which could lead to out-of-bounds access...

6.1 AI score, 0.00173 EPSS
Exploits: 0, References: 4