Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the processsdp function using an uninitialized rtpaddr, potentially leading to incorrect rewriting of S...
CVE-2026-3584
The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...
PT-2026-26682
Name of the Vulnerable Software and Affected Versions: Kali Forms versions prior to 2.4.9 Description: The Kali Forms plugin for WordPress is susceptible to Remote Code Execution in versions up to and including 2.4.9. This is due to the prepare post data function mapping user-supplied keys directly...
PT-2026-24004
Name of the Vulnerable Software and Affected Versions: Qi-ANXIN QAX Virus Removal versions prior to 2025-10-23 Description: A weakness exists in Qi-ANXIN QAX Virus Removal. The issue is related to improper access controls that can be triggered by manipulating the ZwTerminateProcess function within...
CVE-2021-39548
An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function frame::FrameDecoder::process located in framedecoder.c. It allows an attacker to cause Denial of Service...
CVE-2025-44863
TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the msgprocess function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
PT-2025-18658 · Totolink · Totolink Ca600-Poe
Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820 Description: The issue is related to a command injection vulnerability in the msg process function via the Url parameter. This allows attackers to execute arbitrary commands by crafting a specifi...
SPX Graphics Controller security vulnerability
SPX Graphics Controller is a graphics controller by personal developer Tuomo Kulomaa, used to manage and control HTML graphics in real-time productions. A security vulnerability exists in SPX Graphics Controller version v.1.3.0 and earlier versions. A remote attacker can exploit this vulnerability to...
WordPress Stop Spammers Security plugin <= 2024.4 - Cross-Site Request Forgery (CSRF) via sfs_process vulnerability
Cross-Site Request Forgery (CSRF) via sfs_process vulnerability discovered by Lucio Sá in WordPress Plugin Stop Spammers (versions <= 2024.4)...
PT-2023-21373 · Unknown · Broccoli-Compass
Name of the Vulnerable Software and Affected Versions: broccoli-compass version 0.2.4 Description: The issue is related to a remote code execution (RCE) vulnerability. It is exploited via the child process function. Recommendations: For broccoli-compass version 0.2.4, consider restricting the use o...
CVE-2023-29566
huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 were discovered to contain a remote code execution (RCE) vulnerability via the childprocess function...
SUSE CVE-2018-7225
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets...
SUSE CVE-2020-13988
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uipprocess in net/ipv4/uip.c...
LDAP Injection
Camel LDAP is vulnerable to LDAP injection. The vulnerability is due to the process function in LdapProducer.java when using the filter options which allows an attacker to inject and execute LDAP queries into the system...
CVE-2022-41419
Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4Processor::Process function in the mp4encrypt binary...
Cross-site Request Forgery (CSRF)
Liferay is vulnerable to cross-site request forgery. The vulnerability exists due to the lack of validation of the CSRF token in the process function of EditPageHandler.java, allowing an attacker to guess the CSRF token value...
CVE-2021-39547
An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function lpc::SampleGenerator::process located in samplegenerator.cpp. It allows an attacker to cause Denial of Service...
Sela code issue vulnerability
SELA is a lossless audio codec. A null pointer dereference vulnerability exists in the rice::RiceDecoder::process function in ricedecoder.c in SELA 20200412 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service...
CVE-2021-32924
Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\builder::previewBlock method interacts unsafely with the IPS\Theme::runProcessFunction method...