823 matches found
CVE-2024-41565
JustEnoughItems JEI 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI for Minecraft, which allows in-game item duplication...
CVE-2024-41564
EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in EMI mod for Minecraft, which allows in-game item duplication...
CVE-2024-39895
Directus is a real-time API and App dashboard for managing SQL database content. A denial of service DoS attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single...
CVE-2021-41117
keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...
EUVD-2026-1517
This vulnerability allows a Backup or Tape Operator to write files as root...
EUVD-2026-1571
An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5...
EUVD-2026-1083
Not used...
EUVD-2026-0110
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2025-205127
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix iwlmvmmaxamsdusize for MLO For MLO, we cannot use vif-bssconf.chandef.chan-band, since that will lead to a NULL-ptr dereference as bssconf isn't used. However, in case of real MLO, we also need to take both LMA...
CVE-2025-68215 ice: fix PTP cleanup on driver removal in error path
In the Linux kernel, the following vulnerability has been resolved: ice: fix PTP cleanup on driver removal in error path Improve the cleanup on releasing PTP resources in error path. The error case might happen either at the driver probe and PTP feature initialization or on PTP restart errors in...
CVE-2025-14074
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
CVE-2025-14074
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
CVE-2025-14074
CVE-2025-14074 concerns the WordPress plugin PDF for Contact Form 7 + Drag and Drop Template Builder. Public sources confirm a vulnerability where an authenticated user (Subscriber or higher) can trigger unauthorized post duplication due to a missing capability check in the rednumber_duplicate fu...
CVE-2025-14074 PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
EUVD-2025-203072
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
CVE-2025-14074 PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
WordPress PDF for Contact Form 7 + Drag and Drop Template Builder plugin <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Duplication vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Contact Form 7 versions = 6.3.3...
PT-2025-50912
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber duplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
SUSE CVE-2025-40338
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of...
CVE-2025-13924
CVE-2025-13924 affects Advanced Product Fields (Product Addons) for WooCommerce. The vulnerability is a Cross-Site Request Forgery due to missing/incorrect nonce validation on the maybe_duplicate function, allowing unauthenticated attackers to duplicate and publish product field groups (including...