CVE-2025-53371

DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and filegetcontents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls...

CVE-2024-43363 Remote code execution via Log Poisoning in Cacti

Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process completing only step 5 of the installation process is enough, no need to complete the steps before or after it to...

Intel® DCM Software Advisory

Summary: A potential security vulnerability in some Intel® Data Center Manager DCM software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-31273 Description: Protection mechanism failure in so...

FC Red Bull Salzburg App 5.1.9-R Improper Authorization

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: FC Red Bull Salzburg App Vendor URL: https://play.google.com/store/apps/details?id=laola.redbull Type: Improper Authorization in Handler for Custom URL Scheme CWE-939 Date found: 2023-04-06...

SecurePoint UTM 12.x Memory Leak

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Use of Uninitialized Variable CWE-457 Date found: 2023-01-05 Date published: 2023-04-12 CVSSv3 Scor...

SecurePoint UTM 12.x Session ID Leak

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2023-01-05 Date...

WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Cross-Site Request Forgery CSRF CWE-352 Date found: 2023-01-13 Date published: 2023-02-08 CVSSv3 Scor...

WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery Vulnerability

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a cross site request forgery vulnerability. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Cross-Site Request Forgery CSR...

WordPress Quiz And Survey Master 8.0.8 Media Deletion Vulnerability

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL:...

WordPress Quiz And Survey Master 8.0.8 Media Deletion

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Missing Authentication for Critical Function CWE-306 Date found: 2023-01-13 Date published: 2023-02-0...

Intel Data Center Manager 4.1 SQL Injection Vulnerability

Intel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected. 1...

Intel Data Center Manager 4.1 SQL Injection

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Intel Data Center Manager Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html Type: SQL Injection CWE-89 Date found: 2022-01-21 Date...

WordPress BeTheme 26.5.1.4 PHP Object Injection Vulnerability

ADVISORY INFORMATION ======================= Product: Betheme Vendor URL: https://muffingroup.com/betheme/ Type: Deserialization of Untrusted Data CWE-502 Date found: 2022-11-02 Date published: 2022-11-18 CVSSv3 Score: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2022-3861 2...

WordPress BeTheme 26.5.1.4 PHP Object Injection

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Betheme Vendor URL: https://muffingroup.com/betheme/ Type: Deserialization of Untrusted Data CWE-502 Date found: 2022-11-02 Date published: 2022-11-18 CVSSv3 Score: 8.8...

WordPress BeCustom premium plugin <= 1.0.5.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by Julien Ahrens RCE Security in the WordPress BeCustom premium plugin versions = 1.0.5.2. Solution Update the WordPress BeCustom plugin to the latest available version at least 1.0.5.3...

WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery Vulnerability

ADVISORY INFORMATION ======================= Product: BeCustom Wordpress Plugin Vendor URL: https://muffingroup.com/betheme/features/be-custom/ Type: Cross-Site Request Forgery CWE-253 Date found: 2021-10-28 Date published: 2022-11-10 CVSSv3 Score: 5.7...

WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: BeCustom Wordpress Plugin Vendor URL: https://muffingroup.com/betheme/features/be-custom/ Type: Cross-Site Request Forgery CWE-253 Date found: 2021-10-28 Date published: 2022-11-10 CVSSv3...

Transposh WordPress Translation 1.0.8.1 Incorrect Authorization

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Incorrect Authorization CWE-863 Date found: 2022-07-23 Date...

Transposh WordPress Translation 1.0.7 Cross Site Scripting Vulnerability (2)

Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tptp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application...

Transposh WordPress Translation 1.0.8.1 Improper Authorization

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Improper Authorization CWE-285 Date found: 2022-02-21 Date...