CVE-2026-22192

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access...

EUVD-2026-11743

wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by importing a crafted options file with unescaped customCss field values. Attackers can supply a malicious JSON import file containing script payloads in...

CVE-2026-22192

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access...

CVE-2026-22192 Voltronic Power SNMP Web Pro 1.1 Authentication Bypass via localStorage

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access...

CVE-2025-11947

A weakness has been identified in bftpd up to 6.2. Impacted is the function expandgroups of the file options.c of the component Configuration File Handler. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host. Attacks of this natur...

EUVD-2025-35011

A weakness has been identified in bftpd up to 6.2. Impacted is the function expandgroups of the file options.c of the component Configuration File Handler. Executing manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host. Attacks of this nature...

CVE-2025-11947

A weakness has been identified in bftpd up to 6.2. Impacted is the function expandgroups of the file options.c of the component Configuration File Handler. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host. Attacks of this natur...

CVE-2025-11947

CVE-2025-11947 affects bftpd up to version 6.2. The vulnerability is a heap-based overflow in the expand_groups function of options.c within the Configuration File Handler. Exploitation requires local access (attack vector: LOCAL) with HIGH complexity and LOW privileges, as described in the sourc...

CVE-2025-10311

The Comment Info Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing nonce validation on the options.php file when handling form submissions. This makes it possible for unauthenticated attackers to modify...

EUVD-2025-32286

Malicious code in bioql PyPI...

PT-2025-40473

The Comment Info Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing nonce validation on the options.php file when handling form submissions. This makes it possible for unauthenticated attackers to modify...

WordPress plugin Comment Info Detector 跨站请求伪造漏洞

WordPress Comment Info Detector plugin is a WordPress plugin for displaying commenter browser and operating system information, developed by Kyle Baker. The WordPress Comment Info Detector plugin suffers from a cross-site request forgery vulnerability that stems from the options.php file not...

axboe fio options.c str_buffer_pattern_cb null pointer dereference

...

AZL-67664 CVE-2025-10823 affecting package fio for versions less than 3.30-3

A vulnerability was found in axboe fio up to 3.41. This affects the function strbufferpatterncb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used...

CVE-2025-10823

A vulnerability was found in axboe fio up to 3.41. This affects the function strbufferpatterncb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used...

AZL-67625 CVE-2025-10823 affecting package fio for versions less than 3.37-3

A vulnerability was found in axboe fio up to 3.41. This affects the function strbufferpatterncb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used...

CVE-2025-10823 axboe fio options.c str_buffer_pattern_cb null pointer dereference

A vulnerability was found in axboe fio up to 3.41. This affects the function strbufferpatterncb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used...

CVE-2025-10823

A vulnerability was found in axboe fio up to 3.41. This affects the function strbufferpatterncb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used...

VulnCheck KEV: CVE-2022-31161

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch...

ruby: RCE vulnerability with .rdoc_options in RDoc

A flaw was found in Rubygem RDoc. When parsing .rdocoptions used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution...