1340 matches found
EUVD-2022-0862
Malicious code in bioql PyPI...
CVE-2025-40646
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
CVE-2025-10735
The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmitFormData. This makes it possible for unauthenticated attackers to make web requests to arbitrary location...
CVE-2025-9944
CVE-2025-9944 affects the Professional Contact Form plugin for WordPress (all versions up to 1.0.0). Root cause: missing/invalid nonce validation in the watch_for_contact_form_submit function, enabling CSRF. Impact: unauthenticated attackers can trigger test emails by tricking an admin into perfo...
PT-2025-39718
Name of the Vulnerable Software and Affected Versions: Professional Contact Form plugin for WordPress versions prior to 1.0.1. Description: The Professional Contact Form plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of proper nonce validation within the...
CVE-2025-45326
An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submitsize.php component...
PocketVJ CP Security Vulnerability
PocketVJ CP is control panel software by individual developer magdesign. A security vulnerability exists in PocketVJ CP version 3.9.1, which stems from a flaw in the submitsize.php component that could lead to the execution of arbitrary code...
DEBIAN-CVE-2023-53344
In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write(). Syzkaller reported the following issue: BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline] BUG: KMSAN:...
CVE-2023-53344
In CVE-2023-53344, the Linux kernel patch addresses a KMSAN uninitialized-value issue in bcm_tx_setup triggered by uninitialized memory during aio_write handling after a memcpy_from_msg call. The vulnerability chain involves can/bcm code allocating an op frame and copying data, with a comparison ...
CVE-2025-10277
A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. T...
CVE-2025-10277
CVE-2025-10277 affects YunaiV yudao-cloud (up to 2025.09). The flaw lies in processing the file /crm/receivable/submit where manipulation of the ID argument leads to improper authorization. The issue is exploitable remotely, and public exploits have been published. The vendor was contacted but di...
yudao-cloud Authorization Issue Vulnerability
yudao-cloud is a backend management system by individual developer YunaiV. An authorization issue vulnerability exists in yudao-cloud version 2025.09 and earlier, which stems from incorrect manipulation of the parameter ID in the file /crm/receivable/submit, which could lead to improper...
Linux Distros Unpatched Vulnerability : CVE-2023-37301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended...
PT-2025-46622
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contained a flaw in the block I/O throttling mechanism. Specifically, a race condition existed during throttle policy activation, potentially leading to a NULL pointer...
drm/msm: Fix a fence leak in submit error path
...
drm/msm: Fix another leak in the submit error path
...
drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
...