558 matches found
CVE-2021-29565
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.raw_ops.SparseFillEmptyRows. This is because of missing...
CVE-2021-41789
In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN2019042601...
CVE-2021-39643
In icstartRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
CVE-2025-4391
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echogeneratefeaturedimage function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files...
PHPGurukul Car Rental Project Security Vulnerability
Car Rental Project is a car rental program. Car Rental Project has an unrestricted file upload vulnerability that stems from the lack of effective validation of files uploaded through the parameters img1/img2/img3/img4/img5 in the file /admin/post-avehical.php. No details of the vulnerability are available at thi...
WordPress plugin Echo RSS Feed Post Generator Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2025-4317
TheGem WordPress theme (TheGem
PT-2025-19909 · WordPress · Wpshop 2
Name of the Vulnerable Software and Affected Versions: WPshop 2 – E-Commerce plugin for WordPress versions 2.0.0 through 2.6.0 Description: The issue allows authenticated attackers with Subscriber-level access and above to create valid API keys on behalf of other users due to missing validation o...
CVE-2025-1327
The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homeydeleteuseraccount' action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2025-27813
MSI Center before 2.0.52.0 has Missing PE Signature Validation...
Restaurant Table Booking System edit-subadmin.php file SQL Injection Vulnerability
Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that originates from a missing validation of an externally entered SQL statement in the parameter fullname of the edit-subadmin.php file. An attacke...
Patient Record Management System dental_not.php File SQL Injection Vulnerability
Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from missing validation of externally entered SQL statements in the parameter itrno of the dentalnot.php file. An attacker...
CVE-2025-2780
The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level...
PT-2025-14834 · Woocommerce · Booster For Woocommerce
Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce plugin for WordPress versions 4.0.1 through 7.2.4 Description: The issue is related to arbitrary file uploads due to missing file type validation in the validate product input fields on add to cart function. This allow...
CVE-2025-2005
The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
CVE-2025-2886
CVE-2025-2886 describes a flaw in the Amazon tough (TUF) client: missing validation of terminating delegations causes the client to continue searching the delegation list after a terminating delegation, potentially fetching a target from an incorrect source and altering contents. Affected softwar...
CVE-2024-13887
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajaxlistingsubmitimageupload' function due to missing validation on a user controlled key. This makes...
Datalust Seq Cross-Site Request Forgery Vulnerability
Datalust Seq is a logging server from Datalust Australia. It is used to speed up diagnostics in complex, asynchronous and distributed applications. A cross-site request forgery vulnerability exists in Datalust Seq versions prior to 2024.3.13545, which stems from a lack of Content-Type validation,...
CVE-2024-13882
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomaticgeneratefeaturedimage' function in all versions up to, and including, 2.3.8. This makes...