3385 matches found
CVE-2018-20859
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem...
CVE-2018-12436
wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physic...
CVE-2019-19958
In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service...
CVE-2019-17490
app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge aka jnoj 0.8.0 allows arbitrary file upload, as demonstrated by PHP code with a .php filename but the image/png content type to the web/polygon/problem/tests URI...
CVE-2019-10497
A use-after-free issue occurs if another instance of open for the voicesvc node is called from an application without closing the previous one, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...
CVE-2013-2123
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attacke...
CVE-2025-37928 dm-bufio: don't schedule in atomic context
In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context. A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. 129.444685 T934 BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:24...
Agency Problems and Adversarial Bilevel Optimization under Uncertainty and Cyber Threats
We study an agency problem between a holding company and its subsidiary, exposed to cyber threats that affect the overall value of the subsidiary. The holding company seeks to design an optimal incentive scheme to mitigate these losses. In response, the subsidiary selects an optimal cybersecurity...
CVE-2024-33939
CVE-2024-33939 relates to the WordPress plugin Masteriyo – LMS (<= 1.7.3). Affected component: Masteriyo LMS REST endpoints exposing course progress data. Root cause: authentication/authorization bypass (insecure direct object reference) that allows unauthenticated users to access course progr...
CVE-2025-4838 kanwangzjm Funiture Login LoginServlet.java doPost redirect
A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The manipulation of t...
CVE-2025-31063 WordPress Wishlist <= 2.1.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0...
Optimal Allocation of Privacy Budget on Hierarchical Data Release
Releasing useful information from datasets with hierarchical structures while preserving individual privacy presents a significant challenge. Standard privacy-preserving mechanisms, and in particular Differential Privacy, often require careful allocation of a finite privacy budget across differen...
CVE-2024-3062
The CVE-2024-3062 entry concerns the WordPress plugin Save as Image by Pdfcrowd (pre-3.2.2). It documents that certain settings are not sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). Affected com...
CVE-2024-2643
CVE-2024-2643 affects the WordPress plugin My Sticky Bar prior to version 2.6.8. The issue is a failure to sanitize/escape certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setup...
CVE-2024-1663
CVE-2024-1663 affects the WordPress plugin Ultimate Noindex Nofollow Tool II (versions before 1.3.6). The issue is a lack of sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Impact is a...
CVE-2024-0852
coreActivity: Activity Logging plugin for WordPress (prior to 1.8.1) is vulnerable to unauthenticated Stored XSS due to insufficient escaping of certain request data when rendering in the admin logs dashboard. The issue allows an unauthenticated attacker to craft input that could execute JavaScri...
CVE-2023-7228
CVE-2023-7228 affects the WordPress plugin illi Link Party! (vuln:
CVE-2023-7229
CVE-2023-7229 affects the illi Link Party! WordPress plugin (versions
CVE-2023-7230
CVE-2023-7230 affects the WordPress plugin illi Link Party! (versions
CVE-2023-7196
CVE-2023-7196 affects the WordPress plugin Ultimate Noindex Nofollow Tool (versions