DEBIAN-CVE-2025-39785
In the Linux kernel, the following vulnerability has been resolved: drm/hisilicon/hibmc: fix irq_request's irq name variable is local. The local variable is passed in request_irq, and there will be use after free problem, which will make request_irq failed. Using the global irq name instead of it to...
CVE-2025-8678
The CVE-2025-8678 entry concerns the WordPress WP Crontrol plugin. Affected versions 1.17.0–1.19.1 expose a blind Server-Side Request Forgery via wp_remote_request() that can be exploited by authenticated administrators or higher to issue web requests from the WordPress host to arbitrary external...
CVE-2025-8678 WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery
The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
OliveTin OS Command Injection vulnerability
OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...
CVE-2025-50946
OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...
PT-2025-20299 · Q2Apro · Q2Apro
Name of the Vulnerable Software and Affected Versions: q2apro q2apro-on-site-notifications versions up to 1.4.6 Description: A problematic issue was found, affecting the process request function of the file q2apro-onsitenotifications-page.php. This leads to cross-site scripting and can be initiat...
CVE-2025-31490
CVE-2025-31490 affects AutoGPT prior to 0.6.1 and is caused by a DNS rebinding flaw in the requests wrapper used to validate hostnames. The wrapper, located at autogpt_platform/backend/backend/util/request.py, attempts to prevent SSRF by rejecting local IPv4/IPv6 resolutions, but a DNS server’s T...
PT-2025-6534 · WordPress · Wp Directorybox Manager
Name of the Vulnerable Software and Affected Versions: WP Directorybox Manager plugin for WordPress versions up to, and including, 2.5 Description: The issue is due to incorrect authentication in the wp dp parse request function, allowing unauthenticated attackers to log in as any existing user o...
PT-2024-6122 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: InPost for WooCommerce plugin versions 1.4.0 and earlier InPost PL plugin for WordPress versions 1.4.4 and earlier Description: The issue is related to a missing capability check on the parse request function, allowing unauthorized access and...
Prototype Pollution
@cafebazaar/hod is vulnerable to Prototype Pollution. The vulnerability is due to missing checks in the request function, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
PT-2024-28325 · Unknown · Cafebazaar Hod
Name of the Vulnerable Software and Affected Versions: cafebazaar hod version 0.4.14 Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through a prototype pollution vulnerability in the request function...
hod security vulnerability
hod is an open source library from Cafe Bazaar. A security vulnerability exists in hod version v0.4.14, caused by prototype pollution via the request function, allowing an attacker to execute arbitrary code or cause a denial of service (DoS) by injecting arbitrary...
SUSE CVE-2017-15096
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in sendbrickreq function in glusterfsd/src/gfattach.c may be used to cause denial of service...
Information Disclosure
DNS is vulnerable to information disclosure. The vulnerability exists due to the insecure random password generation in the Request function of Request.cs, allowing an attacker to guess the password and spoof the DNS responses...
Insecure Randomness
Overview Affected versions of this package are vulnerable to Insecure Randomness in the Request function, which uses cryptographically insecure random numbers. Remediation Upgrade DNS to version 7.0.0 or higher. References - GitHub Commit - GitHub PR...
PT-2022-35522 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: The issue is related to preventing integer overflow in the dfl feature ioctl set irq function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linu...
Tinyproxy security vulnerability
Tinyproxy is a small, efficient HTTP/SSL proxy daemon from the Tinyproxy open source project. A security vulnerability exists in Tinyproxy that stems from not handling HTTP request lines in the processrequest function and using uninitialized buffers. An attacker could exploit the vulnerability to acce...
PT-2022-25392 · Tinyproxy +2 · Tinyproxy +2
Name of the Vulnerable Software and Affected Versions: Tinyproxy versions prior to commit 84f203f Description: The issue is related to a potential leak of left-over heap data when custom error page templates containing special non-standard variables are used. This occurs because Tinyproxy commit...
CVE-2022-31827
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php...
php_code_audit_project
The provided code snippet appears to be a PDF document containing a vulnerability report for ThinkPHP, a PHP framework. The report describes a request function vulnerability that allows for remote code execution. The code snippet is a PDF document with a single page containing a table with severa...