CVE-2025-49972 WordPress TM Replace Howdy plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy tm-replace-howdy allows Cross Site Request Forgery. This issue affects TM Replace Howdy: from n/a through <= 1.4.2...
CVE-2025-49972
CVE-2025-49972 concerns the WordPress plugin TM Replace Howdy (versions
PT-2025-26340 · Unknown · Tm Replace Howdy
Name of the Vulnerable Software and Affected Versions: TM Replace Howdy versions 1.4.2 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue allows unauthorized actions to be performed on behalf of a user. This issue affects the TM Replace Howdy plugin, enabling Cross Site Request...
WordPress plugin TM Replace Howdy cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
DEBIAN-CVE-2022-50113
In the Linux kernel, the following vulnerability has been resolved: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() We should call of_node_put() for the reference before its replacement as it returned by of_get_parent() which has increased the refcount. Besides, we should also call ofnodep...
CVE-2025-38050 mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios A kernel crash was observed when replacing free hugetlb folios: BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops:...
SUSE-SU-2025:01927-1 Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024150 fixes several issues. The following security issues were fixed: - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238324). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239077)...
SUSE-SU-2025:01922-1 Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024144 fixes several issues. The following security issues were fixed: - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238324). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239077)...
Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059185 fixes several issues. The following security issues were fixed: - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238324). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239077). Patch Instructions: To...
PT-2025-35984
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A deadlock situation can occur in the SMB/server component when smb2_create_link is called with the ReplaceIfExists option set and the target file already exists. This happens because...
vBulletin replaceAdTemplate Remote Code Execution
vBulletin replaceAdTemplate remote code execution proof of concept exploit. Versions 5.0.0 through 6.0.3 are affected. ?php / ----------------------------------------------------------------- vBulletin replaceAdTemplate Remote Code Execution Vulnerability...
CVE-2024-4873
The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-32023
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the common_gui.py find_and_replace function. This vulnerability is fixed in 23.1.5...
CVE-2024-1750
A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely...
CVE-2024-36625
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts...
CVE-2024-54244
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Easy Replace easy-replace allows Stored XSS. This issue affects Easy Replace: from n/a through <= 1.3...
CVE-2024-8734
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-38759
Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace. This issue affects Search & Replace: from n/a through 3.2.2...
CVE-2023-37973
Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1 versions...