8338 matches found
PT-2025-32686 · Kanboard · Kanboard
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.47 Description: Kanboard is project management software based on the Kanban methodology. A deserialization issue in ProjectEventActivityFormatter allows administrators to instantiate arbitrary PHP objects by...
Device Plugins for Kubernetes Advisory
Summary: A potential security vulnerability for some Device Plugins for Kubernetes software maintained by Intel may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-24313 Description: Improper access...
CVE-2025-52136
In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...
PT-2025-32464 · Emqx · Emqx
Name of the Vulnerable Software and Affected Versions: EMQX versions prior to 5.8.6 Description: Administrators could install arbitrary novel plugins via the Dashboard web interface. The supplier considers this intended behavior; however, version 5.8.6 introduced a defense-in-depth feature...
EMQX Code Issue Vulnerability
EMQX is an MQTT messaging server from EMQX Corporation. A code issue vulnerability exists in EMQX versions prior to 5.8.6 that stems from the Dashboard interface allowing the installation of arbitrary plugins, which could lead to a security risk...
CVE-2025-47808
A flaw was found in gstreamer1-plugins-base. The subparse plugin's tmplayer_parse_line function incorrectly attempts to dereference a NULL pointer during subtitle file parsing. This flaw allows a local attacker to provide a specially crafted subtitle file, causing the program to crash. Mitigation...
CVE-2025-47219
A flaw was found in gstreamer1-plugins-good. The isomp4 plugin's qtdemux_parse_trak function incorrectly handles MP4 file parsing, resulting in a heap buffer over-read. This flaw allows a local attacker to provide a specially crafted MP4 file. This over-read can lead to information disclosure...
CVE-2025-47183
A flaw was found in gstreamer1-plugins-good. The isomp4 plugin's qtdemux_parse_tree function incorrectly handles MP4 file parsing, resulting in a heap buffer over-read. This flaw allows a local attacker to trigger this vulnerability by providing a specially crafted MP4 file. This over-read can lead...
CVE-2025-47807
A flaw was found in gstreamer1-plugins-base. The subparse plugin's subrip_unescape_formatting function contains a NULL pointer dereference when parsing a subtitle file, which can lead to a program crash. This vulnerability allows a local attacker to provide a specially crafted subtitle file, causin...
AZL-66192 CVE-2025-47808 affecting package gstreamer1-plugins-base 1.20.0-3
In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...
How To Find SQL Injection Vulnerabilities in WordPress Plugins and Themes
SQL Injection (SQLi), a vulnerability almost as old as database-driven web applications themselves (CWE-89), persists as a classic example of failing to neutralize user-supplied input before it's used in a SQL query. So why does this well-understood vulnerability type continue to exist? In the...
CVE-2025-8616 Malicious browser plugins may cause Authentication replay attack vulnerability to bypass authentication in OpenText Advanced Authentication
A weakness was identified in OpenText Advanced Authentication where a malicious browser plugin can record and replay the user authentication process to bypass authentication. This issue affects Advanced Authentication on or before 6.5.0...
SUSE CVE-2025-47943
Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side JavaScript code execution. The vulnerability is caused by the usage of a vulnerable and outdated componen...
Grav CMS Security Vulnerability
Grav CMS is an open source, flat file-based content management system. Grav CMS suffers from a remote code execution vulnerability that originates from allowing authenticated administrators to upload malicious plugins via the admin/tools/direct-install interface, which can be exploited by an...
CLSA-2025-1754412669 gstreamer1-plugins-bad-free: Fix of CVE-2023-44446
CVE-2023-44446: fix use-after-free in MXF demuxer by storing essence tracks in fixed allocations...
kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider
A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +105 more potentially affected by CVE-2025-7365 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.0.1)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.0.2 - com.kleegroup.accelerator:accelerator-security-keycloakmfa =1.0.1 and more Source cves: CVE-2025-7365 Source advisory:...
gstreamer1-plugins-bad-free security update
An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. GStreamer is a streaming media framework based on graphs ...