205 matches found
EUVD-2022-38999
Malicious code in bioql PyPI...
EUVD-2023-52776
Malicious code in bioql PyPI...
CVE-2025-6921 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay...
Failed to process site: {}. Failed to resolve personal site owner.
Challenge: Backup job of a personal site fails with: Failed to process site: 0. Failed to resolve personal site owner. For more details, see KB4756. Cause: This error indicates that Veeam Backup for Microsoft 365 was unable to correlate a Personal Site to a specific user because the owner of the si...
gosec
This is a Go AST (Abstract Syntax Tree) scanner for identifying security vulnerabilities in Go code. The scanner is called "gosec" and is part of the GolangCI project. It can be installed using the command "go get github.com/golangci/gosec/cmd/gosec/...". The scanner can be configured to run a subs...
Linux Distros Unpatched Vulnerability : CVE-2019-11766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. (CVE-2019-11766) Note that Nessus relies on the...
libxslt xsltParseStylesheetProcess Use-After-Free
There is a use-after-free issue in libxslt read on a namespace URL stored in exclPrefixTab. The issue was reproduced on the latest Git version. The proof of concept and ASAN log are provided at the end of the report...
Regular Expression Denial of Service (ReDoS) in AdamWeightDecay Optimizer
The AdamWeightDecay optimizer is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker can control the patterns in the include_in_weight_decay or exclude_from_weight_decay lists, they can provide a malicious regular expression that causes catastrophic backtracking. When the optimizer...
CVE-2023-48743
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Menard Simply Exclude allows Reflected XSS. This issue affects Simply Exclude: from n/a through 2.0.6.6...
CVE-2019-15895
search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes...
CVE-2025-2821
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding...
CVE-2025-2821 Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding...
PT-2025-19897 · WordPress · Search Exclude
Name of the Vulnerable Software and Affected Versions: Search Exclude plugin for WordPress versions up to, and including, 2.4.9. Description: The issue allows unauthorized modification of data due to a missing capability check on the get_rest_permission function. This makes it possible for...
Do Not Allow Globally Writable Files
Globally writable files can be written by any user in the system, which is generally not needed. If a file is improperly set to globally writable, the file can be easily tampered with by attackers, causing security risks. Therefore, if a file is required to be globally writable, the actual scenar...
WordPress plugin Search Exclude security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
libxslt xsltParseStylesheetProcess Use-After-Free
libxslt suffers from a use-after-free vulnerability in xsltParseStylesheetProcess. There is a use-after-free issue in libxslt read on a namespace URL stored in exclPrefixTab. The issue was reproduced on the latest Git version. The proof of concept and ASAN log are provided at the end of the repor...
CVE-2024-45340
Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the user's .netrc file...
CVE-2024-6338
The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
WordPress FV Player plugin <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter vulnerability
Authenticated (Subscriber+) SQL Injection via exclude Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin FV Flowplayer Video Player versions <= 7.5.46.7212...