3128 matches found
WordPress plugin LC Wizard 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Arbitrary File Write
Langflow is vulnerable to arbitrary file write. The vulnerability is due to lack of path validation and directory restrictions in the fspath parameter, which allows an attacker to specify arbitrary absolute paths and overwrite files on the server...
PT-2026-5672
Memory corruption when calculating oversized partition sizes without proper checks...
CVE-2025-59105
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...
CVE-2026-0778
Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to exploit this...
Enel X JuiceBox 40: Access control error vulnerability
The Enel X JuiceBox 40 is a household electric vehicle charging station developed by the American company Enel X. The Enel X JuiceBox 40 has a access control vulnerability, which stems from the lack of authentication in the Telnet service. This vulnerability may lead to remote code execution...
WordPress plugin Quiz And Survey Master has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
WordPress plugin User Registration security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-69199
CVE-2025-69199 affects the Wings websocket endpoints in Pterodactyl. Prior to version 1.12.0, websockets lacked rate limiting and message-size controls, enabling a attacker to open many connections and flood data, risking network saturation and elevated CPU/memory load. Remedies: upgrade to Wings...
DEBIAN-CVE-2025-62291
In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...
Code-Projects Police Station Management System Access Control Vulnerability
Code-Projects Police Station Management System is an open-source police station management system developed by Code-Projects. The Code-Projects Police Station Management System has a vulnerability related to access control, which stems from the lack of authentication. This vulnerability may allow...
CVE-2026-22916
An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration...
InputPlumber 安全漏洞
InputPlumber is an open source input device routing daemon from ShadowBlip. A security vulnerability exists in InputPlumber versions prior to v0.63.0, which stems from a lack of authorization and could lead to a local denial of service, information disclosure, or elevation of privilege...
CVE-2023-29168
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication...
CVE-2023-40845
Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin is vulnerable to Buffer Overflow via function 'sub34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks...
CVE-2021-41555
In ARCHIBUS Web Central 21.3.3.815 a version from 2014, XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML cod...
CVE-2021-31643
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter...
CVE-2021-0889
In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...
CVE-2022-0429
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...
CVE-2022-35534
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifimultissid.shtml...