16 matches found

RedhatCVE
added 2025/10/16 1:41 a.m., 5 views

CVE-2011-10033

The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...

9.3 CVSS, 8.2 AI score, 0.00152 EPSS
Exploits: 0, References: 1
NVD
added 2025/10/15 2:15 a.m., 4 views

CVE-2011-10033

The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...

9.3 CVSS, 0.00152 EPSS
Exploits: 0, References: 5
Cvelist
added 2025/10/15 1:23 a.m., 8 views

CVE-2011-10033 WordPress Plugin is-human <= v1.4.2 Eval Injection RCE

The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...

9.3 CVSS, 0.00152 EPSS
Exploits: 0, References: 5
ATTACKERKB
added 2025/10/15 1:23 a.m., 2 views

CVE-2011-10033

The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...

9.3 CVSS, 6.2 AI score, 0.00152 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2025/10/15 1:23 a.m., 5 views

CVE-2011-10033 WordPress Plugin is-human <= v1.4.2 Eval Injection RCE

The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...

9.3 CVSS, 7.8 AI score, 0.00152 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/10/09 5:10 a.m., 10 views

CVE-2025-11433

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...

6.1 CVSS, 3.6 AI score, 0.00029 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2025/10/08 12:0 a.m., 3 views

PT-2025-41225

Name of the Vulnerable Software and Affected Versions: itsourcecode Leave Management System version 1.0 Description: A security flaw exists in itsourcecode Leave Management System 1.0. The issue impacts the redirect function within the /module/employee/controller.php?action=reset file, specifically...

6.1 CVSS, 3.3 AI score, 0.00029 EPSS
Exploits: 1, References: 10
RedhatCVE
added 2025/05/23 3:57 a.m., 4 views

CVE-2023-34869

PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin=pjActionForgot...

6.1 CVSS, 6.2 AI score, 0.00114 EPSS
Exploits: 0
SUSE CVE
added 2025/05/02 2:3 a.m., 3 views

SUSE CVE-2025-23162

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't try to trigger a full GT reset if VF. VFs don't have access to the GDRST (0x941c) register that driver uses to reset a GT. Attempt to trigger a reset using debugfs: $ cat...

5.5 CVSS, 6.5 AI score, 0.00035 EPSS
Exploits: 0, References: 6
OSV
added 2025/05/01 3:16 p.m., 1 views

DEBIAN-CVE-2022-49830

In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init(). drm_dev_init() will add drm_dev_init_release() as a callback. When drmm_add_action() failed, the release function won't be added. As the result, the ref cnt added by device_get() in drm_dev_init() won...

5.5 CVSS, 5.4 AI score, 0.00074 EPSS
Exploits: 0, References: 1
OSV
added 2025/05/01 1:15 p.m., 3 views

DEBIAN-CVE-2025-23162

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't try to trigger a full GT reset if VF. VFs don't have access to the GDRST (0x941c) register that driver uses to reset a GT. Attempt to trigger a reset using debugfs: $ cat...

5.5 CVSS, 5.4 AI score, 0.00035 EPSS
Exploits: 0, References: 1
NVD
added 2024/11/18 6:15 a.m., 15 views

CVE-2024-5030

The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

3.8 CVSS, 0.0012 EPSS
Exploits: 1, References: 1
CNNVD
added 2024/06/10 12:0 a.m., 2 views

LoLLMs Cross-Site Request Forgery Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A cross-site request forgery vulnerability exists in LoLLMs version v9.6. An attacker can exploit this vulnerability by sending a specially crafted cross-site request forgery form to trick a us...

8.8 CVSS, 6.7 AI score, 0.00055 EPSS
Exploits: 1, References: 2
OSV
added 2022/08/22 3:15 p.m., 2 views

CVE-2022-25810

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such as "tp_reset" under the Utilities tab /wp-admin/admin.php?page=tp_utils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable th...

6.5 CVSS, 6.9 AI score, 0.00225 EPSS
Exploits: 5, References: 1
Positive Technologies
added 2022/07/29 12:0 a.m., 7 views

PT-2022-17535 · WordPress · Transposh Wordpress Translation Plugin

Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions 1.0.8 and earlier Description: The issue allows access to sensitive actions, such as tp_reset, under the Utilities tab, accessible via the /wp-admin/admin.php?page=tp_utils endpoint. This...

6.5 CVSS, 6.3 AI score, 0.00225 EPSS
Exploits: 5, References: 5
WPVulnDB
added 2021/08/16 12:0 a.m., 17 views

Post Carousel < 2.3.5 - CSRF Bypass / Unauthorised AJAX Calls

The plugin did not properly check for CSRF in two of its AJAX actions, allowing them to be bypassed. Furthermore, other actions which should only be accessible to admins were missing capability check but had CSRF checks, and the spf-reset action did not validate that the actions to be deleted belo...

4.2 AI score
Exploits: 0, References: 2, Affected Software: 1