624 matches found
CVE-2025-6085 Make Connector <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload
The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'uploadmedia' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
CVE-2025-6085
CVE-2025-6085 affects the WordPress Make Connector plugin (versions
PT-2025-35899
Name of the Vulnerable Software and Affected Versions Make Connector versions prior to 1.5.11 Description The Make Connector plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation within the upload media function. This allows authenticated attackers...
WordPress plugin Make Connector å®å Øę¼ę“
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Make Connector plugin <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Make, formerly Integromat Connector versions = 1.5.10...
Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
Summary Using lib2to3.pgen2.pgen.ParserGenerator.makelabel function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
Solaris 10 (i386): 153094-01
SunOS 5.10: SunOS 5.10x86: mkdir patch. Date this patch was last updated by Sun : Apr/14/25 %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid255256; scriptversion"1.1";...
Linux Distros Unpatched Vulnerability : CVE-2014-2570
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in www/makesubset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2025-9174
An os command injection flaw has been discovered in neurobin shc. The make function in the src/shc.c file does not properly handle user input, which may lead to command injection. This vulnerability requires local access in order to exploit. Mitigation Mitigation for this issue is either not...
CVE-2025-9176
A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...
CVE-2025-9176
A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...
CVE-2025-9175
A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used...
CVE-2025-9175
A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used...
CVE-2025-9174
A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclos...
CVE-2025-9175
CVE-2025-9175 affects neurobin shc up to version 4.0.3. The vulnerability is in the make() function of src/shc.c, causing a stack-based buffer overflow that can be triggered locally. Public exploit appears to be available. Several sources corroborate a local-exploitation scenario with varying imp...
CVE-2025-9175 neurobin shc shc.c make stack-based overflow
A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used...
CVE-2025-9174 neurobin shc Filename shc.c make os command injection
A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclos...
CVE-2025-9174 neurobin shc Filename shc.c make os command injection
A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclos...
CVE-2025-38615
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted ilink. When renaming, the file0's inode is marked as a bad inode because the file name cannot be deleted...
DEBIAN-CVE-2025-38615
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted ilink. When renaming, the file0's inode is marked as a bad inode because the file name cannot be deleted...