Exploit for External Control of File Name or Path in Microsoft

CVE-2025-33053 Proof Of Concept This repository provides scri...

Exploit for Use After Free in Apple Ipados

CVE-2025-24252 iOS "Airborne" Vulnerabilities - Log Artifact E...

ALSA-2025:8743 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: um: Fix out-of-bounds read in LDT setup CVE-2022-49395 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refe...

CVE-2025-49004 Hijacking Caido instance during the initial setup via DNS Rebinding to achieve RCE

Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website load...

CVE-2025-3582

CVE-2025-3582 affects the Newsletter WordPress plugin prior to version 8.85. The issue arises from inadequate sanitisation/escaping of Form settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., multisite). Public sources in the provid...

CVE-2025-3581 Newsletter < 8.8.5 - Admin+ Stored XSS via Widget

The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...

TRENDnet TV-IP121W 授权问题漏洞

TRENDnet TV-IP121W is a night vision wireless camera from Trendnet. An authorization issue vulnerability exists in TRENDnet TV-IP121W version 1.1.1 Build 36, which stems from improper authentication in the file /admin/setup.cgi...

D-Link DIR-816 安全漏洞

The D-Link DIR-816 is a wireless router from China's AUO D-Link. The D-Link DIR-816 suffers from a buffer overflow vulnerability, which originates from the failure of the QoSPortSetup parameter port0group in the file /goform/QoSPortSetup to correctly validate the length of the input data, which c...

The vulnerability of the QoSPortSetup() function (/goform/QoSPortSetup) of D-Link DIR-816 router microprogramming software allows a hacker to induce a service failure.

The vulnerability of the QoSPortSetup function /goform/QoSPortSetup of the D-Link DIR-816 router’s software is related to buffer overflow in the stack. Exploiting this vulnerability could allow a malicious actor to cause a service failure by sending a specially crafted POST request...

CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-3584

The CVE-2025-3584 entry concerns the WordPress Newsletter plugin, affected in versions prior to 8.8.2. The vulnerability arises from insufficient sanitization/escaping of Subscription settings, allowing Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html ...

Maximize Your Minecraft: Optimal PC Setup and Server Hosting Essentials

Among all ages, Minecraft still rules the gaming scene as a preferred choice. The game provides a broad…...

CVE-2025-1485 Real Cookie Banner < 5.1.6 - Admin+ Stored XSS

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even wh...

Linksys多款产品 注入漏洞

Linksys RE6300 and others are products of Linksys, Inc.Linksys RE6300 is a wireless network signal extender.Linksys RE6250 is a wireless extender.Linksys RE6500 is a wireless extender. An injection vulnerability exists in various Linksys products, which stems from a command injection due to...

PT-2025-27712

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.30 Description: A division by zero error can occur in the Linux kernel when the ptp rate is 0, leading to a kernel crash. This issue arises when the stmmac platform drivers do not properly handle the clk pt...

The vulnerability of the DataHandler module and the Setup Module of the TYPO3 content management system allows attackers to bypass security restrictions and gain unauthorized access to protected information.

The vulnerability of the DataHandler module and the Setup Module in the TYPO3 content management system is related to the lack of necessary checks during password changes. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain unauthorized access to protected...

The vulnerability of the smb2_sess_setup function in the fs/smb/server/smb2pdu.c module of the ksmbd component of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the smb2sesssetup function in the fs/smb/server/smb2pdu.c module of the ksmbd component in the Linux operating system lies in the possibility of exploiting memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVE-2024-6722

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

CVE-2024-6927

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-2402

The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...