PT-2026-26430

Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 Description SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the field function parameter received...

CVE-2025-39990

The CVE-2025-39990 issue affects the Linux kernel’s BPF verifier logic: a NULL helper pointer could arise in get_helper_proto due to a disabled config option. The fix marks the tail_call helper as BPF_PTR_POISON since it is unused by design, mitigating the NULL pointer path. Public advisories (SU...

EUVD-2025-12130

Malicious code in bioql PyPI...

PT-2025-27249 · Crates.Io · Wasmtime-Jit-Debug

The unsound function dump code load record uses from raw parts to directly convert the pointer addr and len into a slice without any validation and that memory block would be dumped. Thus, the 'safe' function dump code load record is actually 'unsafe' since it requires the caller to guarantee tha...

CVE-2025-3776

The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvrajaxhandler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for...

Grav 代码注入漏洞

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product displays. A security vulnerability exists in Grav prior to version 1.7.45, which stems from validating accessible functions via the Utils::isDangerousFunction function,...

[SECURITY] Fedora 40 Update: clojure-spec-alpha-0.3.218-8.fc40

Spec is a Clojure library to describe the structure of data and functions. Specs can be used to validate data, conform destructure data, explain invalid data, generate examples that conform to the specs, and automatically use generative testing to test functions...

decreaseTotalVotingPower - If totalVotingPower becomes less than mintedVotingPower, the protocol crashes(even can lose assets)

Lines of code Vulnerability details Impact If totalVotingPower getSharedProposalStorage.governanceValues.totalVotingPower -= votingPower; 1. Tak...

WordPress Plugin Essential Blocks 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

Send message in chat function with any username

Description In chat function, username is not validated. We can change username to any value we want which not match with logged in user. Exploitation steps: 1. Login with Phil1 account Patient account. 2. Send message via Burpsuite proxy 3. Modify username to any value you want I user "n00b" 4. ...

Remote Code Execution (RCE)

typed-function is vulnerable to remote code execution. The Javascript engine does not properly validate the function name and allows a remote attacker to create a typed function with Javascript code in the name which is executed...

CVE-2018-16765

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service application crash or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else...

CVE-2018-16764

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service application crash or possibly have unspecified other impact because of an IR::FunctionValidationContext::catchall heap-based buffer over-read...

CVE-2018-16767

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service application crash or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand...

WAVM Buffer Overflow Vulnerability

WAVM is the WebAssembly Virtual Machine. A buffer overflow vulnerability exists in the 'FunctionValidationContext::popAndValidateOperand' function in WAVM 2018-07-26 and earlier versions, which can be exploited by an attacker by sending a specially crafted file to WAVM This can be exploited to...

Integer overflow

The gmcmmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service integer signedness error and out-of-array read via a crafted MPEG file...

Mandriva Linux Security Advisory : postgresql (MDVSA-2015:110)

Updated postgresql packages fix multiple security vulnerabilities : Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a...