7663 matches found
CVE-2025-43496
The issue was addressed by adding additional logic. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...
CVE-2025-43496
The CVE-2025-43496 issue affects Apple platforms (watchOS 26.1; macOS Tahoe 26.1; iOS 26.1/iPadOS 26.1; iOS 18.7.2/iPadOS 18.7.2; macOS Sequoia 15.7.2; visionOS 26.1). Description: remote content could be loaded even when the device setting Load Remote Images is off. Root cause: insufficient logi...
CVE-2025-12604
A vulnerability has been found in itsourcecode Online Loan Management System 1.0. This affects an unknown part of the file /load_fields.php. The manipulation of the argument loanid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks
Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according t...
squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling
An information disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol (HTTP) authentication credentials from an error response. A remote client can exploit this by triggering an...
EUVD-2025-37446
A vulnerability has been found in itsourcecode Online Loan Management System 1.0. This affects an unknown part of the file /load_fields.php. The manipulation of the argument loanid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
PT-2025-44905
Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.2 iPadOS versions prior to 18.7.2 Description A flaw exists where remote content could be loaded despite the 'Load Remote Images' setting being disabled. This issue was resolved by implementing additional logic to...
CVE-2025-12604
A vulnerability has been found in itsourcecode Online Loan Management System 1.0. This affects an unknown part of the file /load_fields.php. The manipulation of the argument loanid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2025-12604 itsourcecode Online Loan Management System load_fields.php sql injection
A vulnerability has been found in itsourcecode Online Loan Management System 1.0. This affects an unknown part of the file /load_fields.php. The manipulation of the argument loanid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
Exploit for Server-generated Error Message Containing Sensitive Information in Squid-Cache Squid
CVE-2025-62168 Squid Proxy Information Disclosure in Error hand...
Exploit for CVE-2025-11174
CVE-2025-11174: Unauthenticated Information Disclosure in Word...
PT-2025-44738
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Loan Management System version 1.0. Description: A flaw exists in itsourcecode Online Loan Management System that allows for SQL injection. This issue affects an unspecified part of the /load_fields.php file. The loan id...
itsourcecode Online Loan Management System SQL injection vulnerability
itsourcecode Online Loan Management System is an online loan management system from itsourcecode open source. A SQL injection vulnerability exists in version 1.0 of itsourcecode Online Loan Management System, which stems from an incorrect manipulation of the parameter loanid in the file...
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock. With VIRTCHNL2_CAP_MAC_FILTER enabled, the following warning is generated on module load: 324.701677 BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578...
EUVD-2025-37405
The Inactive Logout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inaredirectpageindividualuser' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-11174 Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure
The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dll_load_posts which returns a JSON table of document data without performing nonce or capability...
CVE-2025-11174
CVE-2025-11174 affects WordPress Document Library Lite plugin. All versions up to 1.1.6 permit improper authorization via an unauthenticated AJAX action (dll_load_posts) exposed through wp-admin/admin-ajax.php, returning a JSON table of document data without nonce or capability checks. The attack...
Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF
...
EUVD-2013-7286
Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting (XSS) vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...
CVE-2013-10071
Nagios XI versions prior to 2012R1.6 are affected by CVE-2013-10071, a reflected cross-site scripting (XSS) vulnerability in the dashboard dashlet AJAX load functionality. The issue arises from insufficient validation/escaping of user-supplied input, potentially allowing an attacker to inject and...