CVE-2018-25352

The CVE-2018-25352 entry concerns the WordPress plugin Ultimate Form Builder Lite (version 1.3.7 and earlier). The vulnerability is a SQL injection in the entry_id parameter, exploitable via POST to admin-ajax.php with the ufbl_get_entry_detail_action action. Authenticated attackers can manipulat...

CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

The vulnerability of the phar_get_entry_data function in the PHP programming language allows a attacker to cause a service failure or potentially cause other effects.

The vulnerability of the phargetentrydata function in the PHP language interpreter is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause service failures or potentially cause other adverse effects...

CLSA-2022-1644501113 Fix CVE(s): CVE-2021-44142

SECURITY UPDATE: code exec via out-of-bounds read/write in vfsfruit - debian/patches/CVE-2021-44142.patch: refactor getentry function in order to add additional checks - CVE-2021-44142...

The vulnerabilities of the functions p2m_resolve_translation_fault() and p2m_get_entry() in Xen hypervisors, related to insufficient input data validation, allow attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerabilities of the functions p2mresolvetranslationfault and p2mgetentry in the Xen hypervisor are related to incorrect checks on the root table. Exploitation of these vulnerabilities can allow a malicious actor to gain access to confidential data, compromise its integrity, and cause servi...