461 matches found
PT-2026-37602
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A flaw exists in the gfs2 fiemap function where iomap fiemap is called while the inode glock global lock is held. This can result in recursive glock acquisition if the fiemap buffer is...
EUVD-2026-23901
python-dotenv: Symlink following in setkey allows arbitrary file overwrite via cross-device rename fallback...
CVE-2025-14103
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...
CVE-2025-14103 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...
DEBIAN-CVE-2026-27628
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...
PT-2025-41158
Name of the Vulnerable Software and Affected Versions: Wasmtime versions 37.0.0 through 37.0.1 Description: Wasmtime, a runtime for WebAssembly, contains memory leaks within its C/C++ API when utilizing bindings for anyref or externref WebAssembly values. This issue stems from a regression introduc...
EUVD-2023-36752
Malicious code in bioql PyPI...
EUVD-2023-36753
Malicious code in bioql PyPI...
📄 DokuWiki 2025-05-14a Shell Upload
DokuWiki version 2025-05-14a suffers from a remote shell upload vulnerability. Exploit Title: DokuWiki 2025-05-14a Remote Code Execution via File Upload Authenticated Exploit Author: tmrswrr Vendor Homepage: https://www.dokuwiki.org/dokuwiki Software Link:...
CVE-2023-32508
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection. This issue affects Order Your Posts Manually: from n/a through 2.2.5...
CVE-2023-32509
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin = 2.2.5 versions...
CVE-2023-32510
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin = 2.2.5 versions...
PT-2024-34399 · Unknown · Smart Agent
Name of the Vulnerable Software and Affected Versions: Smart Agent version 1.1.0 Description: The issue allows a remote attacker to execute arbitrary code via the id parameter in the "/sendPushManually.php" component. This is a SQL injection vulnerability that can be exploited to run arbitrary...
CVE-2024-39869
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. Affected products allow certificates to be uploaded. An authenticated attacker could upload crafted certificates, leading to a permanent denial-of-service situation. In order to recover from such an attack, the...
Sttr - Cross-Platform, Cli App To Perform Various Operations On String
sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat, curl, printf...
PT-2024-40034 · Ez Systems · Ez Publish Legacy
Name of the Vulnerable Software and Affected Versions: eZ Publish Legacy affected versions not specified Description: The issue concerns a vulnerability in eZ Publish Legacy that could lead to XSS injection in certain configurations, particularly when all modules are disabled. This vulnerability...
CVE-2023-32508
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection. This issue affects Order Your Posts Manually: from n/a through 2.2.5...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection. This issue affects Order Your Posts Manually: from n/a through 2.2.5...
CVE-2023-32508
CVE-2023-32508 targets WordPress plugin Order Your Posts Manually (v
WordPress Plugin order-your-posts-manually SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin order-your-posts-manually...