18 matches found
EUVD-2025-209674
In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driver_override_show() and use core helper. The driver_override_show function reads the driver_override string without holding the device_lock. However, the store function modifies and frees the string while holdi...
CVE-2025-71274 rpmsg: core: fix race in driver_override_show() and use core helper
In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driver_override_show() and use core helper. The driver_override_show function reads the driver_override string without holding the device_lock. However, the store function modifies and frees the string while holdi...
EUVD-2026-23837
A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...
CVE-2026-6633
A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...
CVE-2026-6633 Yifang CMS Extended Management L_rbac_admin.php store cross site scripting
A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...
CVE-2026-6633
Yifang CMS
PT-2026-33755
A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005094)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005094 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of...
PT-2026-1397
Name of the Vulnerable Software and Affected Versions: Popup and Slider Builder by Depicter versions through 4.0.7. Description: The Popup and Slider Builder by Depicter plugin for WordPress is susceptible to unauthorized data modification. A missing capability check within the store function of the...
CVE-2023-31823
An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function...
CVE-2023-31823
CVE-2023-31823 affects Marui Official app v13.6.1. The issue allows a remote attacker to access sensitive information via the channel access token used by the miniapp Store function (Marui Official Store). Impact is information disclosure; no exploitation details are provided beyond this descript...
CVE-2018-21087
An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018)...
RunCMS 1.6.1 - (pm.class.php) Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications source: http://www.securityfocus.com/bid/29069/info RunCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
Null pointer dereference
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the...
RunCMS 2M1 SQL Injection
postid.", pid=".$this->pid.", topicid=".$this->topicid.", forumid=".$this->forumid.", posttime=$datetime, uid=".$this->uid.", posterip='".$this->posterip."', subject='".$subject."', posttext='".$posttext."', allowhtml=".intval($this->allowhtml).", allowsmileys=".intval($this->allowsmileys).",...
RunCMS <= 1.6.1 (msg_image) SQL Injection Exploit
No description provided by source.
RunCMS 1.6.1 - msg_image SQL Injection
RunCMS 1.6.1 - msg_image SQL Injection