3786 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-21733
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix resetting of tracepoints If a timerlat tracer is started with the osnoi...
CVE-2024-13471
CVE-2024-13471 affects DesignThemes Core Features for WordPress prior to patch/fix. The vulnerability arises from a missing capability check in dt_process_imported_file, allowing unauthenticated attackers to read arbitrary files on the server. Affected versions are DesignThemes Core Features
CVE-2024-13471 DesignThemes Core Features <= 4.7 - Missing Authorization to Unauthenticated Arbitrary File Read via dt_process_imported_file
The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to read arbitrary files on the...
WordPress plugin DesignThemes Core Features Path Traversal Vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A path traversal vulnerability exists in WordPress plugin...
Linux Distros Unpatched Vulnerability : CVE-2024-45017
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not...
WordPress DesignThemes Core Features plugin <= 4.7 - Missing Authorization to Unauthenticated Arbitrary File Read via dt_process_imported_file vulnerability
Missing Authorization to Unauthenticated Arbitrary File Read via dt_process_imported_file vulnerability discovered by Tonn in WordPress Plugin DesignThemes Core Features versions <= 4.7...
CVE-2025-27156
Tuleap CVE-2025-27156 affects the mass emailing feature, where HTML content in emails is not sanitized, enabling content injection that could facilitate phishing or indirect exploitation of recipients’ mail clients. Affected versions include Tuleap Community Edition prior to 16.4.99.1740567344 an...
CVE-2025-27156 Tuleap allows content injection via emails sent by the mass emailing features
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail...
Important: Red Hat Security Advisory: emacs security update
An update for emacs is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Spring gRPC 0.4.0 for great good!
NB : you can find the working code for this blog here There's a new release of the amazing—if experimental—Spring gRPC project: version 0.4.0. I won't get into the nitty-gritty of all that's new, but I just wanted to highlight how elated I am to use it and walk you through the step-by-step path t...
Important: Red Hat Security Advisory: emacs security update
An update for emacs is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: emacs security update
An update for emacs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CNVD-2025-23063)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security feature bypass vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by attackers to bypass certain features...
MongoDB Shell may be susceptible to local privilege escalation in Windows
mongosh may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules. This issue affects mongosh prior to 2.3.0...
SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for Maven (SUSE-SU-2025:0719-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0719-1 advisory. maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1: - Key changes across versions: Bug...
Memos Security Vulnerability
Memos is an open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version 0.23.0 that stems from insufficient user-supplied URL validation, which could lead to an SSRF attack...
CVE-2022-49273
In the Linux kernel, the following vulnerability has been resolved: rtc: pl031: fix rtc features null pointer dereference When there is no interrupt line, rtc alarm feature is disabled. The clearing of the alarm feature bit was being done prior to allocations of ldata-rtc device, resulting in a...
Exploit for CVE-2025-23942
WP Load Gallery Exploit CVE-2025-23942 📌 Description Unr...
Magento Installed Packages
Binary data adobemagentopackageenum.nbin...
[SECURITY] Fedora 40 Update: proftpd-1.3.8c-3.fc40
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...