7895 matches found

OSV
added 2025/03/24 6:15 a.m. · 1 view

CVE-2025-1203

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example ...

3.5 CVSS · 7.3 AI score · 0.00274 EPSS
Exploits 1 · References 1
VulnCheck KEV
added 2025/03/24 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2025-30154

The reviewdog action-setup GitHub Action contains embedded malicious code that dumps exposed secrets to GitHub Actions workflow logs...

8.6 CVSS · 5.8 AI score · 0.02296 EPSS
Exploits 2 · References 1
BDU FSTEC
added 2025/03/24 12:00 a.m. · 5 views

A vulnerability in the acpi_device_setup_files() function in the drivers/acpi/device_sysfs.c file of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
</gra_replace>
<gr_replace lines="32" cat="clarify" orig="The vulnerability of the acpidevicesetupfiles">
The vulnerability in the acpi_device_setup_files() function in the drivers/acpi/device_sysfs.c file of the Linux kernel relates to access to resources through incompatible types. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of...

The vulnerability of the acpidevicesetupfiles function in the drivers/acpi/devicesysfs.c file of the Linux kernel relates to access to resources through incompatible types. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...

7.1 CVSS · 7.2 AI score · 0.00253 EPSS
Exploits 0 · References 30 · Affected Software 7
GithubExploit
added 2025/03/23 8:37 a.m. · 468 views

Exploit for CVE-2025-29927

Next.js POC for CVE-2025-29927 - Authorization Bypass in Ne...

9.1 CVSS · 7.6 AI score · 0.99621 EPSS
Exploits 58
GithubExploit
added 2025/03/23 6:15 a.m. · 603 views

Exploit for Improper Access Control in Zabbix

CVE-2022-23134 Writeup and POC This is a...

5.3 CVSS · 6.9 AI score · 0.84657 EPSS
Exploits 1
OSV
added 2025/03/20 12:32 p.m. · 3 views

GHSA-RM69-WVPV-R2W7 Kedro allows Remote Code Execution by Pulling Micro Packages

In kedro-org/kedro version 0.19.8, the pull_package API function allows users to download and extract micro packages from the Internet. However, the function project_wheel_metadata within that code path can execute the setup.py file inside the tar file, leading to remote code execution (RCE) by running...

8.8 CVSS · 6.6 AI score · 0.00986 EPSS
Exploits 0 · References 3
Snyk
added 2025/03/20 12:32 p.m. · 4 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the /3/ParseSetup endpoint. An attacker can trigger inefficient regular expression complexity, exhausting server resources and making the server unresponsive by applying...

8.7 CVSS · 6.8 AI score · 0.00588 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/03/20 12:00 a.m. · 2 views

PT-2025-12344 · D Link · D-Link Dir-605L +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-618 versions 2.02/3.02; D-Link DIR-605L versions 2.02/3.02. Description: A vulnerability was found that affects the file /goform/formTcpipSetup, leading to improper access controls. Access to the local network is required for this...

5.3 CVSS · 4.8 AI score · 0.00706 EPSS
Exploits 1 · References 13
CNNVD
added 2025/03/20 12:00 a.m. · 4 views

Kedro input validation error vulnerability

Kedro is a production-ready data science toolkit from Kedro Open Source. An input validation error vulnerability exists in Kedro version 0.19.8, which stems from the execution of the setup.py file by the pull_package function and could lead to remote code execution...

8.8 CVSS · 9 AI score · 0.00986 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2025/03/20 12:00 a.m. · 4 views

A vulnerability in the sdhci_setup_host() function in the drivers/mmc/host/sdhci.c module of the Linux kernel allows an attacker to cause a denial of service.

The vulnerability in the sdhci_setup_host() function in the drivers/mmc/host/sdhci.c module of the Linux kernel is related to improper control of resource identifiers (“resource injection”). Exploiting this vulnerability could allow an attacker to cause a denial of service...

7.5 CVSS · 5.9 AI score · 0.00182 EPSS
Exploits 0 · References 6 · Affected Software 1
CVE
added 2025/03/19 3:15 p.m. · 292 views

CVE-2025-30154

CVE-2025-30154 involves the GitHub Action reviewdog/action-setup@v1, which was compromised on 2025-03-11 (18:42–20:31 UTC). The malicious code dumps exposed secrets to GitHub Actions workflow logs. Related reviewdog actions that rely on action-setup@v1 (including action-shellcheck, action-composi...

8.6 CVSS · 8.7 AI score · 0.02296 EPSS
In wild · Exploits 2 · References 6 · Affected Software 6
ATTACKERKB
added 2025/03/19 12:00 a.m. · 15 views

CVE-2025-30154

reviewdog/action-setup is a GitHub Action that installs reviewdog. reviewdog/action-setup@v1 was compromised on March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to GitHub Actions workflow logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6 CVSS · 7.4 AI score · 0.02296 EPSS
In wild · Exploits 2 · References 6
Positive Technologies
added 2025/03/18 12:00 a.m. · 4 views

PT-2025-20508

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A vulnerability in the Linux kernel has been resolved, specifically an array overflow in the st_setup() function. The issue was addressed by changing the array size to follow the parms siz...

5.5 CVSS · 6.8 AI score · 0.00244 EPSS
Exploits 0
Rockylinux
added 2025/03/17 8:16 p.m. · 7 views

realtime-setup bug fix and enhancement update

An update is available for realtime-setup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...

6.8 AI score
Exploits 0
OSV
added 2025/03/17 4:15 a.m. · 2 views

CVE-2025-2360

A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B0520181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be...

9.8 CVSS · 5.4 AI score · 0.03768 EPSS
Exploits 1 · References 5
GithubExploit
added 2025/03/16 11:59 a.m. · 356 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

Exploitation conditions: DefaultServlet write support enabled: readonly=false must be configured in web.xml...

9.8 CVSS · 9.3 AI score · 0.99945 EPSS
Exploits 46
OSV
added 2025/03/16 6:15 a.m. · 3 views

CVE-2025-1619

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup...

4.8 CVSS · 7.3 AI score · 0.00247 EPSS
Exploits 1 · References 1
Cvelist
added 2025/03/16 6:00 a.m. · 25 views

CVE-2025-1623 GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup...

0.00247 EPSS
Exploits 1 · References 1
Vulnrichment
added 2025/03/16 6:00 a.m. · 11 views

CVE-2025-1621 GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup...

5.4 AI score · 0.00247 EPSS
Exploits 1 · References 1
CVE
added 2025/03/16 6:00 a.m. · 68 views

CVE-2025-1623

CVE-2025-1623 affects the GDPR Cookie Compliance WordPress plugin

3.5 CVSS · 5.7 AI score · 0.00247 EPSS
Exploits 1 · References 1 · Affected Software 1