572 matches found
WordPress plugin Prevent Direct Access 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Prevent Direct Access 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
PT-2025-17883 · WordPress · Prevent Direct Access – Protect Wordpress Files
Name of the Vulnerable Software and Affected Versions: Prevent Direct Access – Protect WordPress Files plugin versions up to, and including, 2.8.8 Description: The issue allows unauthenticated attackers to extract sensitive data, including files protected by the plugin, due to insufficient...
CVE-2025-22062
CVE-2025-22062 affects the Linux kernel SCTP component. The issue arises from missing mutual exclusion in proc_sctp_do_udp_port, risking a crash if calls to sctp_udp_sock_stop() and sctp_udp_sock_start() are serialized improperly. The vulnerability is tied to the SCTP protocol, with proof of impa...
io_uring: prevent opcode speculation
...
PT-2025-20394 · Totolink · Totolink Nr1800X
Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6681 B20230703 Description: The issue is an authenticated stack overflow that occurs via the ssid5g parameter in the setWiFiEasyGuestCfg function. This allows for potential exploitation. Recommendations: For...
CVE-2025-29923
go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...
CVE-2024-54559
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to access sensitive user data...
Cybersecurity in Crypto: Best Practices to Prevent Theft and Fraud
Cybersecurity tips to protect your cryptocurrency from hackers, scams, and fraud. Learn best practices for securing digital assets…...
CVE-2025-21850
Public details about CVE-2025-21850 are limited in the provided documents. No explicit affected product versions, exploitation, or fixes are disclosed here; monitor for updates.
CVE-2025-21844
CVE-2025-21844 affects the Linux kernel SMB client path. The vulnerability could allow a NULL pointer dereference in the receive_encrypted_standard() path due to missing checks, which could crash the kernel. The fix adds checks for the next_buffer in receive_encrypted_standard() and validates the...
AZL-59423 CVE-2024-58083 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...
SUSE CVE-2025-0914
An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the preventexecve flag in the configuration file. This setting is not usually...
CVE-2025-21812 ax25: rcu protect dev->ax25_ptr
In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev-ax25ptr syzbot found a lockdep issue 1. We should remove ax25 RTNL dependency in ax25setsockopt This should also fix a variety of possible UAF in ax25. 1 WARNING: possible circular locking dependency detecte...
CVE-2025-21725
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to unset link speed It isn't guaranteed that NETWORKINTERFACEINFO::LinkSpeed will always be set by the server, so the client must handle any values and then prevent oopses like below from happening: Oops...
CVE-2024-58000
CVE-2024-58000 affects the Linux kernel Io_uring reg-wait path. The root cause is speculative execution on a kernel array indexed by user input when using ENTER_EXT_ARG_REG, which could interpret an offset into a pre-mapped memory region as an argument. The documented fix is to prevent speculativ...
PT-2025-8961 · Unknown · Velociraptor
Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.73.4 Description: The issue is related to improper access control in the VQL shell feature, allowing authenticated users to execute the execve plugin even when it is explicitly forbidden by the prevent execve...
UBUNTU-CVE-2022-49539
In the Linux kernel, the following vulnerability has been resolved: rtw89: ser: fix CAM leaks occurring in L2 reset The CAM, meaning address CAM and bssid CAM here, will get leaks during SER system error recover L2 reset process and ieee80211restarthw which is called by L2 reset process eventuall...
CVE-2022-49496
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko If the driver support subdev mode, the parameter "dev-pm.dev" will be NULL in mtkvcodecdecremove. Kernel will crash when try to rmmod mtk-vcodec-dec.ko...
CVE-2022-49280 NFSD: prevent underflow in nfssvc_decode_writeargs()
In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvcdecodewriteargs Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvcdecodewriteargs warn: no lower bound on 'args-len' Change the type to unsigned to prevent this issue...