3101 matches found
CVE-2025-8896 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdprcommunicationpreferences' parameter in all versions up to, and including, 3.14.3 due to insufficient input sanitization and...
Linux Distros Unpatched Vulnerability : CVE-2021-29970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when...
CVE-2025-50862
The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...
CVE-2024-53945
The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds...
PT-2025-33398 · Steve Burge · Taxopress
Name of the Vulnerable Software and Affected Versions: TaxoPress versions through 3.37.2 Description: An insertion of sensitive information into sent data issue exists in Steve Burge TaxoPress, allowing retrieval of embedded sensitive data. Recommendations: At the moment, there is no information...
CVE-2024-53945
The CVE-2024-53945 entry concerns the KuWFi 4G AC900 LTE router (version 1.0.13). The vulnerability is a command injection in the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can inject shell metacharacters into parameters such as pincode and cmds to...
CVE-2011-10010 QuickShare File Server 1.2.1 Path Traversal RCE
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitization of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...
CVE-2025-43982
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...
CVE-2025-2182
PAN-OS MACsec vulnerability (CVE-2025-2182) affects PA-7500 Series in NGFW clusters. The issue stems from the MACsec protocol implementation, allowing cleartext exposure of the connectivity association key (CAK). A CAK holder can read messages exchanged between devices within a clustered NGFW, wh...
CVE-2025-32451
A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...
CVE-2025-32451
Foxit Reader 2025.1.0.27937 is affected by CVE-2025-32451, a memory corruption vulnerability caused by an uninitialized pointer. Exploitation requires a user to open a specially crafted malicious PDF containing JavaScript, or to visit a crafted malicious site if the browser plugin is enabled, pot...
CVE-2025-43986
An issue was discovered on KuWFi GC111 GC111-GL-LM321V3.020191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication...
Tuoshi NR500-EA Security Vulnerability
Tuoshi NR500-EA is a wireless router from Tuoshi China. A security vulnerability exists in Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43, which stems from the default enablement of SSH service and the presence of a hard-coded root account...
KuWFi GC111 Security Vulnerability
KuWFi GC111 is a WiFi router from KuWFi China. A security vulnerability exists in KuWFi GC111 GC111-GL-LM321V3.020191211, which stems from TELNET service being enabled by default and unauthenticated...
PT-2025-33071 · Unknown · Kuwfi Gc111-Gl-Lm321 V3.0 20191211 +1
Name of the Vulnerable Software and Affected Versions: KuWFi GC111 GC111-GL-LM321 V3.0 20191211 Description: The TELNET service is enabled by default and exposed over the WAN interface without authentication. Recommendations: Disable the TELNET service to prevent unauthorized access...
Dow’s 125-year legacy: Innovating with AI to secure a long future
Founded more than 125 years ago, Dow has demonstrated a commitment to leveraging science to make the world a better place. Today, Dow’s ambition to be the most innovative, inclusive, and sustainable materials science company is supported by a global security team dedicated to keeping employees,...
Linux Distros Unpatched Vulnerability : CVE-2024-58090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after...
Linux Distros Unpatched Vulnerability : CVE-2017-15094
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially...