Lucene search

12 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-24809

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 7.5 · EPSS 0.00085
Exploits: 1 · References: 1
NVD
added 2025/08/14 1:15 p.m. · 3 views

CVE-2025-8715

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

CVSS 8.8 · EPSS 0.00085
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 7:16 a.m. · 5 views

CVE-2024-8880

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main=coreauth=forgot=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to code...

CVSS 9.8 · AI score 9.8 · EPSS 0.00127
Exploits: 1 · References: 1
Positive Technologies
added 2024/11/14 12:0 a.m. · 1 views

PT-2024-18061 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A critical issue has been identified, with a previous patch reintroducing a pre-existing vulnerability. The issue is considered critical. Recommendations: At the moment, there is no...

AI score 7
Exploits: 0 · References: 1
Vulnrichment
added 2024/07/12 12:37 p.m. · 16 views

CVE-2024-41000 block/ioctl: prefer different overflow check

In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: 62.982337 ------------ cut here ------------ 62.985692 cgroup: Invalid name 62.986211...

AI score 6.8 · EPSS 0.0002
Exploits: 0 · References: 6
WPVulnDB
added 2023/10/24 12:0 a.m. · 16 views

AI ChatBot < 4.9.3 - Missing authorization in AJAX calls

Description The plugin does not check capabilities when processing AJAX actions, allowing unauthenticated attackers to perform actions intended for higher privileged users. This vulnerability is the same as CVE-2023-5533 but was reintroduced in version 4.9.2...

AI score 9.4 · EPSS 0.00362
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/06/07 2:15 a.m. · 1 views

CVE-2021-4362

The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwisocialsharegetoption function called via the kiwisocialsharegetoption AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify...

CVSS 9.8 · AI score 5.7
Exploits: 0 · References: 3
Code423n4
added 2023/05/08 12:0 a.m. · 7 views

Mitigation of M-10: Issue not mitigated

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-10: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings363 Comments Even though the protocol team applied the warden's recommendation in M-10, the feature to enable/disable derivatives added as a mitigati...

AI score 6.9
Exploits: 0
Hacker One
added 2017/03/24 2:38 p.m. · 17 views

shopify-scripts: Garbage collector crash

This github issue-tt != MRBTTFREE' failed. Aborted The issue was reintroduced in ecee8c51b0ad8cddd9e422a3e5105f902d7e2781 and is still present in 051e40c0493f2de332f5439e3230c9fe6958bf1a. The issue is fixed by reverting ecee8c51b0ad8cddd9e422a3e5105f902d7e2781. Thank you, Dinko Galetic Denis Kasa...

AI score 0.4
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 18 views

Mail.app Image Attachment Command Execution

No description provided by source. $Id: mailappimageexec.rb 10397 2010-09-20 15:59:46Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 22 views

eXtremail 1.x/2.1 - Remote Format String Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX. eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands argumented with maliciously constructe...

AI score 7.1
Exploits: 0
exploitpack
added 2006/10/06 12:0 a.m. · 10 views

eXtremail 1.x2.1 - Remote Format String (3)

eXtremail 1.x2.1 - Remote Format String 3 source: https://www.securityfocus.com/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX. eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands argumented with maliciously...

AI score 0.9
Exploits: 0