CVE-2019-25633

CVE-2019-25633 affects AIDA64 Extreme 5.99.4900. A structured exception handling buffer overflow via the email preferences and report wizard interfaces allows a local attacker to execute arbitrary code by supplying crafted input. Specifically, payloads injected into the Display name field and via...

EUVD-2026-14743

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

CVE-2026-4662

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

CVE-2026-4662 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

CVE-2026-4662

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

CVE-2026-4662 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

CVE-2026-4662

Affected software: JetEngine WordPress plugin. Vulnerability: SQL Injection via the listing_load_more AJAX action in all versions up to and including 3.8.6.1. Root cause: The filtered_query parameter is excluded from HMAC signature validation and the prepare_where_clause() in the SQL Query Builde...

PT-2026-27331

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listing load more AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filtered query parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass securit...

NiceGUI 安全漏洞

NiceGUI is an easy-to-use, Python-based UI framework developed under the NiceGUI open source project. Versions of NiceGUI prior to 3.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the media routing functions in app.addmediafile and app.addmediafiles, which allowed...

PT-2026-27367

AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display nam...

EUVD-2019-19963

MiniFtp contains a buffer overflow vulnerability in the parseconfloadsetting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite...

CVE-2019-25611

MiniFtp contains a buffer overflow vulnerability in the parseconfloadsetting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite...

CVE-2019-25611 MiniFtp parseconf_load_setting Buffer Overflow via Configuration

MiniFtp contains a buffer overflow vulnerability in the parseconfloadsetting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite...

CVE-2019-25611 MiniFtp parseconf_load_setting Buffer Overflow via Configuration

MiniFtp contains a buffer overflow vulnerability in the parseconfloadsetting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite...

MiniFtp 缓冲区错误漏洞

MiniFtp is a lightweight FTP server software developed by Arvin’s individual developer. MiniFtp has a buffer error vulnerability, which stems from a buffer overflow in the parseconfloadsetting function. This vulnerability could allow local attackers to execute arbitrary code by providing...

EUVD-2026-13838

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aopostpreload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input sanitization in the aometaboxsave function and missing output escaping when the value is rendered in...

CVE-2026-2430

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overly permissive regular expression in the addlazyload function that replaces all occurrences of \ssr...

CVE-2026-2352

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aopostpreload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input sanitization in the aometaboxsave function and missing output escaping when the value is rendered in...

CVE-2026-2430

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overly permissive regular expression in the addlazyload function that replaces all occurrences of \ssr...

CVE-2026-2430 Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overly permissive regular expression in the addlazyload function that replaces all occurrences of \ssr...