7911 matches found
CVE-2024-2310
The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-2220
The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-2907
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-31963 HCL BigFix IVR is impacted by improper authentication and missing CSRF protection
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...
CVE-2025-31963
Summary (CVE-2025-31963): In HCL BigFix IVR version 4.2, the local setup interface component suffers from improper authentication and missing CSRF protection. This allows a local attacker to perform unauthorized configuration changes through unauthenticated administrative configuration requests....
PT-2026-1576
Name of the Vulnerable Software and Affected Versions: HCL BigFix IVR version 4.2. Description: The local setup interface component suffers from improper authentication and a lack of CSRF protection. This allows a local attacker to make unauthorized configuration changes by sending unauthenticated...
CVE-2025-47343 Untrusted Pointer Dereference in Video
Memory corruption while processing a video session to set video parameters...
Malicious code in robustinfer (PyPI)
Source: kam193 2fd89ce9f166281f91029df8dc7595d23503a595a4baba85f1702ccf0b4e2b11. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
GHSA-6G8Q-HP2J-GVWV Harvest May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer
Impact: Projects using the SUSE Virtualization Harvester environment are vulnerable to this exploit if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utiliz...
CVE-2025-59156
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution (RCE) vulnerability exists in Coolify's application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Docker...
UBUNTU-CVE-2025-68762
In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks. Prevent a kernel warning when netconsole setup fails on devices with IFF_DISABLE_NETPOLL flag. The warning at kernel/workqueue.c:4242 in __flush_work occurs because the cleanup...
CVE-2025-68765
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add. In mt7615_mcu_wtbl_sta_add, an skb sskb is allocated. If the subsequent call to mt76_connac_mcu_alloc_wtbl_req fails, the function returns an error without freeing sskb, leading to a...
CVE-2025-68762 net: netpoll: initialize work queue before error checks
In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks. Prevent a kernel warning when netconsole setup fails on devices with IFF_DISABLE_NETPOLL flag. The warning at kernel/workqueue.c:4242 in __flush_work occurs because the cleanup...
Linux Distros Unpatched Vulnerability : CVE-2023-54231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: libwx: fix memory leak in wx_setup_rx_resources. When wx_alloc_page_pool failed in wx_setup_rx_resources, it doesn't release DMA buffer. Add dma_free_coherent in the...
Linux Distros Unpatched Vulnerability : CVE-2022-50837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register error path. If dsa_tag_8021q_setup fails, for example due to the inability of the device to install a...
Malicious code in blobhunter-depconf-poc (PyPI)
Source: kam193 6bbf9ae244466116ca709955328b8ae27867658e636ac521004edd501b38d4ef. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Malicious code in telstra (PyPI)
Source: kam193 e6ff467569b104f23ebbdc6ef58dec14795aaf14548185bd3b31886ecd9b8003. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-31 Malicious code in telstra (PyPI)
Source: kam193 e6ff467569b104f23ebbdc6ef58dec14795aaf14548185bd3b31886ecd9b8003. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
SecurityAnalystTasks
This repository contains hands-on cyberse...
Malicious code in gatr (PyPI)
Source: kam193 5d3d1723e01bd7a4d33591053ec24cde4369a19677874b25a7d73dfa4dadf46e. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...