PT-2023-15144 · WordPress · Royal Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59 Description: The issue is related to insufficient access control in the 'wpr final settings setup' AJAX action. This allows any authenticated user to finali...

PT-2025-13354

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential memory leak issue has been identified in the Linux kernel related to the cifs session setup. The problem occurs when the cifs ses::auth key.response is not properly freed...

CVE-2022-3855

The 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls

In yet another campaign targeting the Python Package Index PyPI repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin,...

Exploit for Out-of-bounds Read in Openssl

Heartbleed CVE-2014-0160 ========== Setup You will requir...

CVE-2022-4433

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure...

CPO Companion < 1.1.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Lenovo ThinkPad 缓冲区错误漏洞

Lenovo ThinkPad is a portable computer from Lenovo, a Chinese company. The Lenovo ThinkPad suffers from a security vulnerability that stems from its LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause an information disclosure via a buffer out-of-bounds...

CVE-2022-4256

The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2022-3936

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...

Cross site scripting

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...

Cross site scripting

The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-4200 Login with Cognito <= 1.4.8 - Admin+ Stored XSS

The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-3936 Team Members < 5.2.1 - Editor+ Stored XSS

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...

PT-2025-49713

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the ath11k driver related to handling fragmented packets from an uninitialized peer in datapath dp. Specifically, when a maximum number of virtual...

CVE-2022-46597

TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sysservice parameter in the setupwizardmydlink sub4104B8 function...

CVE-2022-46588

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sysservice parameter in the setupwizardmydlink sub4104B8 function...

CVE-2022-46597

TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sysservice parameter in the setupwizardmydlink sub4104B8 function...

CVE-2022-46588

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sysservice parameter in the setupwizardmydlink sub4104B8 function...