CVE-2018-9406

CVE-2018-9406 concerns a vulnerability in NlpService where a missing permission check could allow access to location information, enabling local privilege escalation without additional execution privileges. The exploit requires only local access and does not require user interaction. Affected com...

CVE-2018-9464

CVE-2018-9464 is an Elevation of Privilege in the Google Android Kernel (Taimen bootloader) identified across multiple trackers. The vulnerability arises from a missing permission check, enabling local access to read protected files and escalate privileges with no additional execution privileges ...

CVE-2018-9434

CVE-2018-9434 is evidenced by a Binder Parcel overlap flaw in Android: Parcel data can overlap binder-object metadata, causing kernel pointers to be inserted into attacker-controlled buffers during unmarshalling. This enables information disclosure and an ASLR bypass, potentially allowing local p...

CVE-2018-9382

CVE-2018-9382 affects Android Wi‑Fi service (WifiServiceImpl.java). A missing permission check can allow activating a Wi‑Fi hotspot from a non‑owner profile, enabling local privilege escalation with no extra execution privileges and no user interaction required. Public data confirms the issue is ...

CVE-2018-9379

The CVE-2018-9379 issue affects the Media framework component MiniThumbFile.java on Google Pixel/Nexus devices. Description from multiple sources states a confused-deputy path could allow viewing thumbnails of deleted photos, causing local information disclosure without additional privileges and ...

CVE-2018-9383

CVE-2018-9383 is a vulnerability in the Linux kernel where the asn1_ber_decoder in lib/asn1_decoder.c allows an out-of-bounds read due to a missing bounds check. This can lead to local information disclosure and, per the description, system execution privileges could be required for exploitation;...

CVE-2025-23833

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RaminMT Links/Problem Reporter report-broken-links allows DOM-Based XSS.This issue affects Links/Problem Reporter: from n/a through = 2.6.0...

CVE-2025-23916 WordPress WP Meetup plugin <= 2.3.0 - Settings Change vulnerability

Missing Authorization vulnerability in Nuanced Media WP Meetup wp-meetup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meetup: from n/a through = 2.3.0...

WordPress Links/Problem Reporter plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Links/Problem Reporter versions = 2.6.0...

WordPress Links/Problem Reporter plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Links/Problem Reporter versions = 2.6.0...

WordPress plugin Links/Problem Reporter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

BIT-PHP-MIN-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...

CVE-2025-22138

CVE-2025-22138 concerns @codidact/qpixel, an open-source Q&A platform. Affected versions allow information exposure when a category is private or has limited visibility: suggested edits in that category can be viewed by unprivileged or anonymous users via the suggested edit queue. This constitute...

CVE-2024-56788

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: oatc6: fix tx skb race condition between reference pointers There are two skb pointers to manage tx skb's enqueued from n/w stack. waitingtxskb pointer points to the tx skb which needs to be processed and...

CVE-2024-55916

The CVE-2024-55916 entry refers to a Linux kernel race where the KVP/VSS daemon may run before the VMBus ringbuffer is fully initialized. Concrete detail: a NULL pointer dereference can occur in hv_pkt_iter_first when the daemon opens / dev/vmbus/hv_kvp and registers before vmbus_open() completes...

CVE-2023-38037

CVE-2023-38037 affects Rails’ ActiveSupport::EncryptedFile, which writes data to a temporary file with permissions derived from the user’s umask. The temporary file could be readable by other users on the same system while a user edits it, enabling local information disclosure. Public documents f...

CVE-2023-27539

CVE-2023-27539 concerns a denial-of-service vulnerability in the header parsing component of Rack (Ruby Rack). The issue is described as a vulnerability in Rack's header parsing that can affect applications parsing HTTP headers with Rack, leading to potential DoS. The NVD metrics show a MEDIUM-se...

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

CVE-2024-27980

CVE-2024-27980 affects Node.js where improper handling of batch files in child_process.spawn/spawnSync allows a malicious command line argument to inject arbitrary commands and achieve code execution even when shell is not enabled. The issue is documented across multiple feeds (Node.js CVE entry,...

CVE-2024-27980

Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...