Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 12.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise from using the Pages Router and when configuring i18n and middleware or proxy authorization. In these cases...

CVE-2026-39323

...

CVE-2025-11500

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...

CVE-2025-11500 Credentials exposure in tinycontrol devices

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...

CVE-2025-68186

The CVE covers a Linux kernel issue in the ring-buffer code. The vulnerability stems from ring_buffer_map_get_reader() being too strict: when the reader catches up to the writer and there is still data on the reader page, rb_get_reader_page() can return NULL and trigger a warning. The fix ensures...

CVE-2025-52625

A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0...

EUVD-2024-47504

Malicious code in bioql PyPI...

SUSE CVE-2025-39912

In the Linux kernel, the following vulnerability has been resolved: nfs/localio: restore creds before releasing pageio data Otherwise if the nfsd filecache code releases the nfsdfile immediately, it can trigger the BUGONcred == current-cred in putcred when it puts the nfsdfile-nffile-f-cred...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from releasing page IO data without recovering credentials, which could lead to null pointer dereferencing...

CVE-2025-59430

Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...

CVE-2025-7839

The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...

CVE-2025-7839

The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...

CVE-2025-7839 Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery

The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...

CVE-2025-7839

CVE-2025-7839 affects the WordPress plugin “Restore Permanently delete Post or Page Data” (versions up to 1.0). The root cause is missing or incorrect nonce validation in the rp_dpo_dpa_ajax_dp_delete_data() function, enabling CSRF. This allows unauthenticated attackers to delete site data by tri...

WordPress plugin Restore Permanently delete Post or Page Data 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Restore...

WordPress Restore Permanently delete Post or Page Data plugin <= 1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Restore Permanently delete Post or Page Data versions = 1.0...

Linux Distros Unpatched Vulnerability : CVE-2023-53081

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2writeendnolock just zeroes out and...

CVE-2024-46547

A vulnerability was found in Romain Bourdon Wampserver all versions discovered in v3.2.3 and v3.2.6 where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page. This issue can lead to data leaks...

PT-2024-21824 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

WordPress 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress Insert Pages plugin in versions prior to 3.7.0,...