Lucene search
K

14 matches found

OSV
OSV
added 2025/08/19 6:15 a.m.13 views

AZL-66437 CVE-2025-38553 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netemenqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in...

5.6AI score0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/19 6:6 a.m.8 views

CVE-2025-38553

...

0.00124EPSS
Exploits0
CVE
CVE
added 2025/08/19 6:6 a.m.49 views

CVE-2025-38553

CVE-2025-38553 affects the Linux kernel (net/sched). The issue concerns the duplication logic for netem instances in a qdisc tree, where the existing netem_enqueue handling can misbehave when a netem coexists with others, potentially causing a soft lockup or OOM loop in netem_dequeue. The connect...

6.6AI score0.00124EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/08/19 6:6 a.m.5 views

CVE-2025-38553

Removed by vendor...

5.6AI score0.00124EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/10/12 2:35 p.m.4 views

SUSE CVE-2023-38546

This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a functio...

4.5CVSS6.3AI score0.06208EPSS
Exploits0References70
Cvelist
Cvelist
added 2023/07/12 6:52 a.m.29 views

CVE-2021-4424 Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass

The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qcsliderheroduplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...

4.3CVSS4.6AI score0.0035EPSS
Exploits0References9
Prion
Prion
added 2023/06/09 7:15 a.m.23 views

Cross site request forgery (csrf)

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processduplicateproduct function. This makes it possible for unauthenticated attackers to duplicate products via a...

4.3CVSS4.1AI score0.00241EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/03/10 5:42 p.m.6 views

CVE-2021-33852

A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or th...

5.4CVSS6.2AI score0.00627EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2022/01/27 12:0 a.m.217 views

WordPress RegistrationMagic V 5.0.1.5 SQL Injection

Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection Authenticated Date 23.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://registrationmagic.com/ Software Link:...

7.2CVSS0.4AI score0.73293EPSS
Exploits6
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.4 views

WordPress和WordPress 插件 SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a SQL...

9.8CVSS8.5AI score0.01575EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/11/09 12:0 a.m.16 views

LearnPress < 4.1.4 - Admin+ SQL Injection

The plugin does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues PoC Id needs to start with a valid course/lesson/quiz/question ID:...

9.8CVSS9.2AI score0.01575EPSS
Exploits2Affected Software1
OSV
OSV
added 2021/05/24 4:57 p.m.18 views

GHSA-M54R-VRMV-HW33 Improper Sanitizing of plugin names in helm

Impact Security researchers at Trail of Bits discovered that plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to hel...

3.4CVSS3.8AI score0.00962EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/09/17 12:0 a.m.3 views

PT-2020-14257 · Helm +2 · Helm +2

Name of the Vulnerable Software and Affected Versions: Helm versions prior to 2.16.11 Helm versions prior to 3.3.2 Description: The issue arises from improper sanitization of plugin names, allowing a malicious plugin author to use characters that could result in unexpected behavior. This could...

8.5CVSS6AI score0.01517EPSS
Exploits1References37
RedHat Linux
RedHat Linux
added 2016/11/15 7:36 p.m.5 views

kernel: Fork of large process causes memory corruption

It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit o...

7.8CVSS7.2AI score0.00557EPSS
Exploits0References4
Rows per page
Query Builder