WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability
Shortcode Injection vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin Sign-up Sheets versions <= 2.3.0.1...
PT-2025-18465
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue has been identified in the ICSS IEP driver of the Linux kernel. This issue occurs when disabling PPS and perout signals during the icss iep exit function...
PT-2025-16336 · Peertube · Peertube
Name of the Vulnerable Software and Affected Versions: PeerTube affected versions not specified Description: The issue allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who...
RHEL 6 / 7 : rh-java-common-apache-commons-collections (RHSA-2015:2523)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2523 advisory. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections...
PT-2025-16554 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A critical issue has been identified, affecting the setSmartQosCfg function of the /cgi-bin/cstecgi.cgi file. This leads to improper access controls. The issue can be exploited...
PT-2025-16299 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue is related to a denial of service. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this...
Microsoft Edge Update Setup (Chromium-based) Elevation of Privilege Vulnerability (Apr 2025)
Microsoft Edge Update Setup (Chromium-based) is prone to an elevation of privilege vulnerability...
WordPress Logo Carousel Gutenberg Block plugin <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sliderId Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via sliderId Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Logo Carousel Gutenberg Block versions <= 2.1.6...
WordPress MemberPress Discord Addon Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin MemberPress Discord Addon versions <= 1.1.1...
CVE-2025-22371
CVE-2025-22371 affects SicommNet BASEC (SaaS) login page. A SQL Injection flaw in the authentication flow allows an unauthenticated remote attacker to bypass login and execute arbitrary SQL commands. The vulnerability is described as present at least since 14 Dec 2021 and likely earlier. Accordin...
WordPress SKT Skill Bar plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim (Patchstack Alliance) in WordPress Plugin SKT Skill Bar versions <= 2.3...
WordPress Nepali Date Converter plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha (Patchstack Alliance) in WordPress Plugin Nepali Date Converter versions <= 2.0.8...
WordPress WP Delete User Accounts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha (Patchstack Alliance) in WordPress Plugin WP Delete User Accounts versions <= 1.2.3...
Security advisory: A Heap-buffer-overflow issue in QTextMarkdownImporter impacts Qt
A Heap-buffer-overflow issue in QTextMarkdownImporter has been discovered and has been assigned the CVE id CVE-2025-3512. Affected versions: From 6.8.0 up to 6.8.3. Versions before 6.6.0 are known to be unaffected. Impact: Passing an incorrectly formatted markdown file to QTextMarkdownImporter ca...
GHSA-2CVJ-G5R5-JRRG SurrealDB has local file read of 2-column TSV files via analyzers
An authenticated system user at the root, namespace, or database levels can use the DEFINE ANALYZER statement to point to arbitrary file locations on the file system, and should the file be tab separated with two columns, the analyzer can be leveraged to exfiltrate the content. This issue was...
GHSA-M7RC-8W7M-R9QR SurrealDB vulnerable to memory exhaustion via nested functions and scripts
In order to prevent DoS situations due to infinite recursions, SurrealDB implements a limit of nested calls for both native functions and embedded JavaScript functions. However, in SurrealDB instances with embedded scripting functions enabled, it was found that this limit can be circumvented by...
GHSA-RQ86-9M6R-CM3G SurrealDB has uncaught exception in Net module that leads to database crash
A vulnerability was found where an attacker can crash the database by crafting an HTTP query that returns a null byte. The problem relies on an uncaught exception in the net module, where the result of the query will be converted to JSON before showing as the HTTP response to the user in the /sql...
WordPress InstaWP Connect plugin <= 0.1.0.85 - Unauthenticated Local PHP File Inclusion vulnerability
Unauthenticated Local PHP File Inclusion vulnerability discovered by Cheng Liu in WordPress Plugin InstaWP Connect versions <= 0.1.0.85...
WordPress Paid Videochat Turnkey Site plugin <= 7.3.11 - Broken Authentication Vulnerability
Broken Authentication Vulnerability discovered by LVT-tholv2k in WordPress Plugin Paid Videochat Turnkey Site versions <= 7.3.11...
CVE-2025-22375
An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instanc...