8338 matches found
CVE-2025-0818
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an...
CVE-2025-0818
The CVE-2025-0818 entry maps to a Directory Traversal affecting several WordPress file-manager plugins using elFinder up to version 2.1.64. Connected sources confirm concrete exploit details: unauthenticated attackers can delete arbitrary files when a file-manager instance is exposed to users. Re...
CVE-2025-0818 Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an...
Malicious code in rush-plugins (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-6955 Malicious code in rush-plugins (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
PT-2025-32965
Name of the Vulnerable Software and Affected Versions: Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions up to and including 1.4.3 Description: The plugin is susceptible to a PHP Object Injection due to the deserialization of untrusted input within the get lead...
PT-2025-33082 · Traq · Traq
Name of the Vulnerable Software and Affected Versions: Traq versions 2.0 through 2.3 Description: Traq versions 2.0 through 2.3 contain a remote code execution issue in the admincp/common.php script. The flawed authorization logic does not halt execution after a failed access check, allowing...
Improper Access Control
Overview Affected versions of this package are vulnerable to Improper Access Control in certain device plugins, which can allow denial of service. Remediation Upgrade github.com/intel/intel-device-plugins-for-kubernetes/cmd/internal/labeler to version 0.32.0 or higher. References - GitHub Commit ...
CVE-2025-24313
Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access...
CVE-2025-24313
CVE-2025-24313 affects Intel Device Plugins for Kubernetes prior to version 0.32.0. The root cause is improper access control in certain device plugin components, which can allow a privileged local attacker to trigger a denial of service, affecting availability. The official Intel advisory and co...
CVE-2025-24313
Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access...
CVE-2025-24313
Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access...
CVE-2025-55010
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event"data" field in the...
CVE-2025-55010
Kanboard before 1.2.47 is affected by an unsafe deserialization in ProjectEventActvityFormatter that lets an admin modify event["data"] in project_activities to instantiate arbitrary PHP objects, enabling a gadget to write a web shell in /plugins and achieve remote code execution. The issue has b...
CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event"data" field in the...
CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event"data" field in the...
CVE-2025-8418 B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activatedplugin function. This makes it possible for authenticated attackers, with...
CVE-2025-52136
In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...
PT-2025-32726 · Intel · Intel Device Plugins For Kubernetes
Name of the Vulnerable Software and Affected Versions: Intel Device Plugins for Kubernetes versions prior to 0.32.0 Description: Improper access control in certain Device Plugins for Kubernetes software maintained by Intel may allow a privileged user to potentially cause a denial of service via...
Intel Device Plugins for Kubernetes 访问控制错误漏洞
Intel Device Plugins for Kubernetes is a set of frameworks and implementations developed by Intel for exposing hardware resources such as GPUs, FPGAs, etc. to container applications in a Kubernetes cluster. An improper access control vulnerability exists in Intel Device Plugins for Kubernetes,...