CVE-2026-20174

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...

Cisco Nexus Dashboard Insights 路径遍历漏洞

Cisco Nexus Dashboard Insights is a data center network operation analysis and fault diagnosis platform developed by the American company Cisco. Cisco Nexus Dashboard Insights has a path traversal vulnerability, which stems from insufficient validation of metadata update files. This vulnerability...

CVE-2025-13438 Page Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification

The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dienoupdatepagetitle. This makes it possible for unauthenticated...

WordPress plugin Page Title, Description & Open Graph Updater 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-68368 md: init bioset in mddev_init

In the Linux kernel, the following vulnerability has been resolved: md: init bioset in mddevinit IO operations may be needed before mdrun, such as updating metadata after writing sysfs. Without bioset, this triggers a NULL pointer dereference as below: BUG: kernel NULL pointer dereference, addres...

EUVD-2016-2000

Malware in sbrugna...

EUVD-2016-2001

Malware in sbrugna...

CVE-2016-11009

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpiinterkassa payer metadata updates...

CVE-2016-11010

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpitwocheckout payer metadata updates...

CVE-2025-26846

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata...

PT-2025-19911 · WordPress · Peprodev Ultimate Profile Solutions

Name of the Vulnerable Software and Affected Versions: PeproDev Ultimate Profile Solutions plugin for WordPress versions 1.9.1 through 7.5.2 Description: The issue allows unauthorized modification of data due to a missing capability check on the handel ajax req function. This enables...

WordPress plugin Templines Elementor Helper Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPres...

CVE-2024-50250

The CVE-2024-50250 issue affects the Linux kernel fsdax code: dax_unshare_iter copies data from srcmap to iomap and previously did not align copy_pos/copy_len to a page boundary, allowing misalignment when iter-&gt;pos and length are not page-aligned. The bug can cause data corruption (when iter-...

WordPress plugin Event post security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

PT-2024-17987 · WordPress · Event Post Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Event post plugin for WordPress versions up to, and including, 5.9.5 Description: The issue allows unauthorized bulk metadata updates due to a missing nonce check on the save bulkdatas function. This enables unauthenticated attackers to updat...

WordPress plugin Event post 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

RHEL 5 : rsync (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rsync: daemon does not check for fnamecmp filenames allowing for access restriction bypass CVE-2017-17434...

PT-2020-12658

Name of the Vulnerable Software and Affected Versions: Rank Math plugin versions 1.0.40.2 and earlier Description: The issue allows unauthenticated remote attackers to update arbitrary WordPress metadata. This includes the ability to escalate or revoke administrative privileges for existing users...

EulerOS Virtualization for ARM 64 3.0.3.0 : rsync (EulerOS-SA-2019-2334)

According to the version of the rsync packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The recvfiles function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with...

CVE-2016-11010

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpitwocheckout payer metadata updates...