3830 matches found
CVE-2025-34457
wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kissrecbyte located in src/kissframe.c. When processing crafted KISS frames that reach the maximum allowed frame length MAXKISSLEN, the function...
CVE-2025-34457 wb2osz/direwolf <= 1.8.1 Stack-based Buffer Overflow DoS
wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kissrecbyte located in src/kissframe.c. When processing crafted KISS frames that reach the maximum allowed frame length MAXKISSLEN, the function...
CVE-2025-34457 wb2osz/direwolf <= 1.8.1 Stack-based Buffer Overflow DoS
wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kissrecbyte located in src/kissframe.c. When processing crafted KISS frames that reach the maximum allowed frame length MAXKISSLEN, the function...
CVE-2025-64702
quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...
Malicious Package
Overview privy-frames-drop is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-203737
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser The Information Element IE parser rtwgetie trusted the length byte of each IE without validating that the IE body len bytes after the 2-byte header fits inside the...
CVE-2025-68254
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates ESR IE handling in OnBeacon accessed p + 1 + ielen and p + 2 + ielen without verifying that these offsets lie within the received...
UBUNTU-CVE-2025-68256
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser The Information Element IE parser rtwgetie trusted the length byte of each IE without validating that the IE body len bytes after the 2-byte header fits inside the...
CVE-2025-68256
CVE-2025-68256 affects the Linux kernel staging rtl8723bs IE parser (rtw_get_ie). The vulnerability arises from not validating the length field of each Information Element, allowing a malformed frame to trigger out-of-bounds reads or an infinite loop when the IE body extends beyond the remaining ...
CVE-2025-13705
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2025-203222
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13705
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
Denial Of Service
Eclipse Jetty is vulnerable to Denial of Service. The vulnerability is due to improper handling of malformed or illegal HTTP/2 frames such as invalid WINDOWUPDATE frames, which allows an attacker to repeatedly trigger RSTSTREAM responses and exhaust server CPU and memory resources...
CVE-2025-13705 Custom Frames <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13705 Custom Frames <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13705
CVE-2025-13705 concerns the WordPress plugin Custom Frames (
WordPress Custom Frames plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'class' Shortcode Parameter vulnerability discovered by theviper17y in WordPress Plugin Custom Frames versions = 1.0.1...
WordPress plugin Custom Frames 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-51063
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-64702
quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...