D-Link DIR-605L/DIR-618 formTcpipSetup Function Access Control Error Vulnerability
The D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China-based AUO D-Link. An access control error vulnerability exists in the D-Link DIR-618 version 2.02 and DIR-605L version 3.02, which stems from improper access control in the file /goform/formTcpipSetup, and can be exploit...
Supply Chain Compromise of Third-Party tj-actions/changed-files (CVE-2025-30066) and reviewdog/action-setup@v1 (CVE-2025-30154)
A popular third-party GitHub Action, tj-actions/changed-files, tracked as CVE-2025-30066, was compromised. tj-actions/changed-files is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets...
CVE-2024-12683
The CVE-2024-12683 issue affects the WordPress plugin Smart Maintenance Mode (affected versions before 1.5.2). The root cause is inadequate sanitisation/escaping of certain settings, which could allow stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins), even when unfiltered_h...
PT-2025-20502
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved by adding a check for the plane value in the dispc ovl setup function. The function is not intended to work with the value OMAP DSS ...
The vulnerability of the reviewdog/action-setup component of the GitHub collaborative development platform allows a hacker to disclose protected information.
The vulnerability of the reviewdog/action-setup component of the GitHub collaborative development platform is related to the presence of undeclared capabilities. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
CVE-2024-13122
The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2024-10703
The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...
CVE-2024-11272
The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed fo...
CVE-2025-1452
The CVE-2025-1452 entry concerns the Favorites WordPress plugin (versions prior to 2.3.5). The issue is that certain settings are not properly sanitized/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (including multisite setups). Connec...
CVE-2024-13123 AFI < 1.100.0 - Admin+ Stored XSS
The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2024-13123
The AFI WordPress plugin (versions prior to 1.100.0) is affected. Affected component: plugin settings sanitisation/escaping path in AFI before 1.100.0. Root cause: certain settings are not properly sanitised and escaped, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e...
CVE-2024-13122 AFI < 1.100.0 - Admin+ Stored XSS
The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2024-13122
The CVE-2024-13122 entry describes an issue in the AFI WordPress plugin prior to version 1.100.0 where some settings are not properly sanitised/escaped. This enables stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (including multisite con...
CVE-2024-10679 Quiz and Survey Master (QSM) < 9.2.1 - Author+ Stored XSS
The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2024-10560
CVE-2024-10560 affects the WordPress plugin Form Maker by 10Web, specifically versions before 1.15.30. The issue is a failure to sanitize/escape certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). The ...
CVE-2024-10472
The CVE-2024-10472 affects the WordPress plugin Stylish Price List, prior to version 7.1.12. The issue arises because the plugin does not adequately sanitize and escape certain settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., contributors), even when unfi...
CVE-2024-10105
The CVE-2024-10105 issue affects the WordPress Job Postings plugin (versions prior to 2.7.11). The root cause is inadequate sanitisation and escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., contributors) even when unfiltered_html is disallowed, including mul...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
Tomcat CVE-2025-24813 playground ===============================...
Exploit for CVE-2025-29927
Introduction By manipulating the x-middleware-subrequest req...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2025-30154, reviewdog action-setup GitHub Action Embedded Malicious Code Vulnerability. These types of vulnerabilities are frequent attack vectors for...