276 matches found
AZL-65009 CVE-2025-38334 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevent attempts to reclaim poisoned pages TL;DR: SGX page reclaim touches the page to copy its contents to secondary storage. SGX instructions do not gracefully handle machine checks. Despite this, the existing SGX code...
UBUNTU-CVE-2022-50146
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dwpcieepinit errors If dwpcieepinit fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory...
WordPress School Management plugin <= 93.0.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Aiden Thái An in WordPress Plugin School Management versions = 93.0.0...
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software Photography Type Theme Vulnerable versions = 7.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-47579 Patch priority High CVSS severity High 9 Developer EPC PSID f3488f35689e Credits Rafie Muhammad Patchstack Required privilege Unauthenticated...
WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability
WordPress Motors - Events plugin = 1.4.7 - Unauthenticated Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Motors - Events versions = 1.4.7...
WordPress WooCommerce Ultimate Gift Card plugin <= 2.9.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin WooCommerce Ultimate Gift Card versions = 2.9.6...
WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Seb in WordPress Plugin WooCommerce Photo Reviews versions = 1.3.13...
WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Seb in WordPress Plugin Blog Designer PRO versions = 3.4.7...
WordPress QuickCab plugin <= 1.3.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin QuickCab versions = 1.3.3...
CVE-2024-24425
Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amfasestablishreq function at /tasks/amf/amfas.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted NAS packet...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions = 47.020-11-2023...
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software Photography Type Theme Vulnerable versions = 7.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE N/A Patch priority High CVSS severity High 8.5 Developer EPC PSID 070158f14a77 Credits Rafie Muhammad Patchstack Required privilege Subscriber Published 22...
WordPress Blog Designer PRO plugin <= 3.4.7 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability
Unauthenticated Non-Arbitrary Local File Inclusion vulnerability discovered by Seb in WordPress Plugin Blog Designer PRO versions = 3.4.7...
kernel: x86/sgx: Fix deadlock in SGX NUMA node search
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Fix deadlock in SGX NUMA node search When the current node doesn't have an EPC section configured by firmware and all other EPC sections are used up, CPU can get stuck inside the while loop that looks for an available EP...
WordPress Bimber - Viral Magazine WordPress Theme Theme <= 9.2.5 is vulnerable to Local File Inclusion
Software Bimber - Viral Magazine WordPress Theme Type Theme Vulnerable versions = 9.2.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-47576 Patch priority Low CVSS severity Low 8.8 Developer EPC PSID 08c8e83478ea Credits Ananda Dhakal Patchstack Required...
WordPress Kleo Theme < 5.4.4 is vulnerable to Broken Access Control
Software Kleo Type Theme Vulnerable versions 5.4.4 Fixed in 5.4.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-39367 Patch priority Low CVSS severity Low 5.3 Developer EPC PSID 7bef03870816 Credits Ananda Dhakal Patchstack Required privilege...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions = 47.020-11-2023...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions = 47.020-11-2023...
WordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Car Park Booking System for WordPress versions = 2.6...
WordPress JNews Theme <= 11.6.5 is vulnerable to Broken Access Control
Software JNews Type Theme Vulnerable versions = 11.6.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-39373 Patch priority Low CVSS severity Low 5.3 Developer EPC PSID 775c2569b9cb Credits Ananda Dhakal Patchstack Required privilege...