7704 matches found
WordPress plugin Ajax Load More cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Ajax Load More plugin, which stems from the application's lack of effective filtering and escaping of user-supplied...
F5 BIG-IP code issue vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A code issue vulnerability exists in F5 BIG-IP that stems from HTTP/2 configuration leading to TMM termination...
PT-2025-20195 · Unknown · Ajax Load More
Name of the Vulnerable Software and Affected Versions: Ajax Load More versions through 7.3.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This enables an attacker to inject malicious...
F5 BIG-IP security vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from increased memory resource utilization...
Domain passthrough with ZeroTrust VPN users get "cannot start your session" via Azure load balancer
When you access Store URL and click on "Log on" you see the error - cannot start your session. wait a few minutes and try to logon again. If you still experience problems, contact your help desk. When you click on the "OK" button multiple times, eventually it goes away. More details on deployment...
U.S. Dept Of Defense: SQL Injection via URL
A SQL injection vulnerability was discovered in the website's URL. The vulnerability allowed manipulation of SQL queries executed by the backend database. The vulnerability was demonstrated by changing the sleep value, which resulted in longer or shorter delays in the page loading...
The vulnerability of the _parse/load_user-profile.php file in the Job Recruitment system allows a hacker to gain unauthorized access to protected information and execute arbitrary code.
The vulnerability of the _parse/load_user-profile.php file in the Job Recruitment system is related to the lack of measures to neutralize special elements. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information and execute arbitra...
CVE-2025-37799
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp. vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cilium's...
UBUNTU-CVE-2025-37799
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp. vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cilium's...
CVE-2025-37799 vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp. vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cilium's...
SUSE CVE-2025-37764
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: fix firmware memory leaks Free the memory used to hold the results of firmware image processing when the module is unloaded. Fix the related issue of the same memory being leaked if processing of the firmware ima...
SUSE CVE-2025-37781
In the Linux kernel, the following vulnerability has been resolved: i2c: cros-ec-tunnel: defer probe if parent EC is not present When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent device will not be found, leading to NULL pointer dereference. That can also be reproduced by...
Failed to load module [veeamblksnap] on Oracle Linux 9 with UEK R8 kernel
Article Applicability: This article is specifically regarding Oracle Linux 9 with UEK R8 kernel 6.12+: root@localhost cat /etc/os-release PRETTY_NAME="Oracle Linux Server 9.5" root@localhost uname -r 6.12.0-0.20.20.el9uek.x86_64 For all other situations involving the error "Failed to load module...
UBUNTU-CVE-2022-49881
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file. In the function query_regdb_file the alpha2 parameter is duplicated using kmemdup and subsequently freed in regdb_fw_cb. However, request_firmware_nowait can fail without calling...
NetScaler Responder Policy not working as expected when LB is configured to use AAA
Having defined a Responder Policy for use and binding it to a Load Balancing virtual server, you find that Policy Hits are seen and Responder Action used only when no Authentication Host is configured on the Load Balancer. When using the Load Balancer with an Authentication Host configured for us...
Security Bulletin: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. (CVE-2021-29825)
Summary: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. Note: In addition to applying Special Build, registry variable DB2LOADRESTRICTEDIOPATH needs to be set to USEEXTBLLOCATION 11.1 or later, or one or more semi-colon separated paths. When using...
DEBIAN-CVE-2024-58099
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame. Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such as...
CVE-2024-58099 vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame. Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such as...
CVE-2025-46508
Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load (advanced-lazy-load) allows Stored XSS. This issue affects Advanced lazy load: from n/a through = 1.6.0...
CVE-2025-32431
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...