7896 matches found
Exploit for CVE-2025-30208
CVE-2025-30208 & CVE-2025-31125 & CVE-2025-31486 1. Overvie...
CVE-2025-1453
The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Exploit for CVE-2025-32965
This is a PoC exploit for CVE-2025-32965, a supply chain attack...
Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp
CVE-2025-32433 Remote Shell Go-based exploit for CVE-2025-3243...
SUSE CVE-2025-22037
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in allocpreauthhash The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn-preauthinfo is not...
SUSE CVE-2025-22092
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference during device removal. The kernel oops below occurred due to incorrect error handling flow when...
CVE-2025-2162
The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-29931
CVE-2025-29931 affects Siemens TeleControl Server Basic versions prior to 3.1.2.2. The issue arises from insufficient validation of a length field in a serialized message, used to size memory for deserialization, which could allow an unauthenticated remote attacker to force excessive memory alloc...
CVE-2025-1525
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11924
The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...
CVE-2024-11924 Email Subscribers < 5.7.52 - Admin+ Stored XSS
The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...
Exploit for CVE-2025-29775
SAMLStorm CVE-2025-29775 Lab Environment !Educationalhtt...
DEBIAN-CVE-2025-22092
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference during device removal. The kernel oops below occurred due to incorrect error handling flow when...
CVE-2025-22067
In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdnsmrvlxspisetupclock If requestedclk 128, cdnsmrvlxspisetupclock iterates over the entire cdnsmrvlxspiclkdivlist array without breaking out early, causing 'i' to go beyond the arr...
DEBIAN-CVE-2025-22067
In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdnsmrvlxspisetupclock If requestedclk 128, cdnsmrvlxspisetupclock iterates over the entire cdnsmrvlxspiclkdivlist array without breaking out early, causing 'i' to go beyond the arr...
UBUNTU-CVE-2025-22067
In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdnsmrvlxspisetupclock If requestedclk 128, cdnsmrvlxspisetupclock iterates over the entire cdnsmrvlxspiclkdivlist array without breaking out early, causing 'i' to go beyond the arr...
DEBIAN-CVE-2025-22037
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in allocpreauthhash The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn-preauthinfo is not...
UBUNTU-CVE-2025-22037
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in allocpreauthhash The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn-preauthinfo is not...
CVE-2025-22092 PCI: Fix NULL dereference in SR-IOV VF creation error path
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference during device removal. The kernel oops below occurred due to incorrect error handling flow when...
CVE-2025-22067 spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()
In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdnsmrvlxspisetupclock If requestedclk 128, cdnsmrvlxspisetupclock iterates over the entire cdnsmrvlxspiclkdivlist array without breaking out early, causing 'i' to go beyond the arr...