19 matches found
CVE-2025-60021
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions < 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...
CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions < 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...
Apache bRPC security vulnerabilities
Apache bRPC is an industrial-grade RPC framework developed by the Apache Foundation, designed for building reliable and high-performance services. Prior to Apache bRPC 1.15.0, there was a security vulnerability. This vulnerability stemmed from the lack of validation for the extraoptions parameter...
EUVD-2025-3218
Malicious code in bioql PyPI...
CVE-2025-23508
Cross-Site Request Forgery (CSRF) vulnerability in OrigoThemes Extra Options – Favicons extra-options-favicons allows Stored XSS. This issue affects Extra Options – Favicons: from n/a through <= 1.1.0...
CVE-2025-23508 WordPress Extra Options – Favicons plugin <= 1.1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in EdesaC Extra Options – Favicons allows Stored XSS. This issue affects Extra Options – Favicons: from n/a through 1.1.0...
CVE-2025-23508 WordPress Extra Options – Favicons plugin <= 1.1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in OrigoThemes Extra Options – Favicons extra-options-favicons allows Stored XSS. This issue affects Extra Options – Favicons: from n/a through <= 1.1.0...
CVE-2025-23508
CVE-2025-23508 affects the WordPress plugin Extra Options – Favicons (versions from unknown up to 1.1.0). The vulnerability is described as Cross-Site Request Forgery (CSRF) that enables Stored XSS. Connected Red Hat and related records confirm the CVE ID and the CSRF-to-Stored-XSS characterizati...
WordPress plugin Extra Options – Favicons cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
SUSE CVE-2014-4701
The checkdhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702...
CVE-2022-24953
The CryptGPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions...
CVE-2020-9355
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled...
DEBIAN-CVE-2020-9355
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled...
Privilege escalation
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled...
CVE-2020-9355
NetworkManager-ssh (the plugin for NetworkManager) is affected by CVE-2020-9355. Vulnerable component: network-manager-ssh before 1.2.11; root cause is mishandling of extra SSH options, enabling privilege escalation by a local user who can modify a connection. Impact per sources: local privilege ...