3875 matches found
CVE-2025-60550
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone...
GHSA-64W3-5Q9M-68XF Keycloak does not invalidate sessions when "Remember Me" is disabled
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...
EUVD-2025-35689
Keycloak does not invalidate sessions when "Remember Me" is disabled...
Keycloak does not invalidate sessions when "Remember Me" is disabled
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...
CVE-2025-10651
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ordermail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the ordermail field and a lack of escaping on output. This makes it possible for authenticate...
EUVD-2025-35614
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2025-60341
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2025-10651
CVE-2025-10651: Welcart e-Commerce (WordPress)
CVE-2025-52079
The administrator password setting of the D-Link DIR-820L 1.06B02 has Improper Access Control and is vulnerable to Unverified Password Change via a crafted POST request to /getset.ccp...
CVE-2025-60341
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...
Tenda AC6 security vulnerability
Tenda AC6 is a dual-band wireless router from Tenda, designed for 100 Gigabit fiber optic home users. The Tenda AC6 suffers from a stack buffer overflow vulnerability, which originates from the ssid parameter in the fastsettingwifiset function failing to properly validate the length of the input...
aiomysql security vulnerability
aiomysql is a MySQL access library from aio-libs open source. A security vulnerability exists in aiomysql versions prior to 0.3.0, which stems from an unchecked client-side setting that could lead to a malicious server obtaining arbitrary client-side files...
CVE-2025-60341
Summary: CVE-2025-60341 affects Tenda AC6 V2.0 firmware 15.03.06.50. The issue is a stack overflow in the ssid parameter of the fast_setting_wifi_set function, caused by improper input length validation. This vulnerability can be exploited by a crafted input over the network to cause a Denial of ...
Malicious code in tailwind-setting (npm)
The package tailwind-setting was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 850a3c165ca8ecb1060d82506ab99a36786c8a41575310ee91507065a46d313d Any computer that has this package installed or running should be considered fully...
EUVD-2025-35032
Malicious code in tailwind-setting (npm)...
MAL-2025-48524 Malicious code in tailwind-setting (npm)
The package tailwind-setting was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 850a3c165ca8ecb1060d82506ab99a36786c8a41575310ee91507065a46d313d Any computer that has this package installed or running should be considered fully...
Malicious Package
Overview tailwind-setting is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2025-11926
The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...
CVE-2025-55099
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudioalternatesettinglocate when parsing a descriptor with attacker-controlled frequency fields...
CVE-2025-6893
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device. This flaw allows a low-privileged authenticated user to ca...