684 matches found
EUVD-2023-1817
PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting...
PocketMine-MP 安全漏洞
PocketMine-MP is a game server software from PMMP Open Source. A security vulnerability exists in PocketMine-MP versions prior to 4.18.1, which stems from improper input validation in inventory transaction processing, and could lead to a remote attacker triggering a server crash and resulting in ...
PT-2025-54457
Name of the Vulnerable Software and Affected Versions PocketMine-MP versions prior to 4.18.1 Description PocketMine-MP versions prior to 4.18.1 have an issue with how input is checked when handling inventory transactions. A remote attacker who has a valid player session can ask the server to drop...
Media Player MP-01 vulnerable to Missing Authentication for Critical Function
Overview NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability. Missing Authentication for Critical Function CWE-306 - CVE-2025-12049 Souvik Kandar of MicroSec microsec.io discovered and reported the vulnerability to the developer and...
CVE-2025-12049
Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...
CVE-2025-12049
Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...
PT-2025-52632
Name of the Vulnerable Software and Affected Versions Sharp Display Solutions Media Player MP-01 affected versions not specified Description A critical issue exists in Sharp Display Solutions Media Player MP-01 where a missing authentication check for a critical function allows unauthorized acces...
EUVD-2025-197656
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...
CVE-2025-13174
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...
CVE-2025-13174 rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...
PT-2025-46996
Name of the Vulnerable Software and Affected Versions rachelos WeRSS we-mp-rss versions up to 1.4.7 Description A flaw exists in the Webhook Module of rachelos WeRSS we-mp-rss. The do job function within the /rachelos/we-mp-rss/blob/main/jobs/mps.py file is susceptible to server-side request...
CVE-2025-12193
The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mp' parameter in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2025-12193 Mang Board WP <= 2.3.1 - Reflected Cross-Site Scripting
The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mp' parameter in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2025-12193
Vulnerability: Reflected Cross-Site Scripting in the Mang Board WP plugin for WordPress via the 'mp' parameter in versions
PT-2025-45552
Name of the Vulnerable Software and Affected Versions Mang Board WP plugin for WordPress versions prior to 2.3.2 Description The Mang Board WP plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to inadequate input sanitization and output escaping of the mp paramete...
JLSEC-2025-181 Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may all...
Uncontrolled search path element in the IntelR oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987556)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987556 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Make bnx2fcrecvframe mp safe Running tests with a debug kernel shows that...
VulnCheck KEV: CVE-2025-22905
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp...
EUVD-2019-0848
Malware in sbrugna...
EUVD-2019-19319
Malware in sbrugna...