16 matches found
WordPress Webmention plugin <= 5.6.2 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability discovered by Duong Quang Hao in WordPress Plugin Webmention versions <= 5.6.2...
Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the WaveletDenoiseImage function. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub Commit; Red Hat Bugzilla Bug. Credit: Hao Ren...
EUVD-2024-53470
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-hao (npm)
The package @zalastax/nolb-hao was found to contain malicious code...
MAL-2025-11913 Malicious code in @zalastax/nolb-hao (npm)
The package @zalastax/nolb-hao was found to contain malicious code...
WordPress Simple Banner plugin <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability discovered by Nguyen Khanh Hao in WordPress Plugin Simple Banner versions <= 3.0.4...
PT-2023-23252 · Baidu · Baidu Tongji Generator
Name of the Vulnerable Software and Affected Versions: Baidu Tongji generator versions n/a through 1.0.2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in the Haoqisir Baidu Tongji generator. Recommendations: For versions n/a through 1.0.2, as a...
Congratulations to the Top MSRC 2023 Q2 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q2 Security Researcher Leaderboard are: Yuki Chen...
A Deepfake Deep Dive into the Murky World of Digital Imitation
About a year ago, top deepfake artist Hao Li came to a disturbing realization: Deepfakes, i.e. the technique of human-image synthesis based on artificial intelligence (AI) to create fake content, is rapidly evolving. In fact, Li believes that in as soon as six months, deepfake videos will be...
Hao Chen CAD Viewing King suffers from dll hijacking vulnerability
HaoChen CAD Viewer (original name: HaoChen YunDu) is free CAD software that supports opening all versions of dwg format drawings online, and is fully compatible with AutoCAD, Tianzheng CAD and other CAD software. HaoChen CAD Viewer has a dll...
Integer overflow
The mintToken function of a smart contract implementation for hentaisolo HAO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13193
CVE-2018-13193 concerns the mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token. The vulnerability is an integer overflow that enables the contract owner to set the balance of an arbitrary user to any value, effectively allowing balance manipulation. Docu...
Hao Han-universal digital campus platform /ineduportal/Components/HistoryToDay/historyinfo.aspx parameters HTid injection vulnerability
No description provided by source...
Moderate: Red Hat Security Advisory: netcf security, bug fix, and enhancement update
Updated netcf packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
KindEditor 4.1.2 (name parameter) Reflected XSS Vulnerability
Summary: KindEditor is an open source online HTML editor, mainly used to give site users WYSIWYG editing; developers can replace the traditional multi-line text input box (textarea) with KindEditor's rich visual text input box. Description: KindEditor is prone to a reflected...
Stack overflow
Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary...