3938 matches found
PT-2025-33126 · WordPress · Quiz/Survey Master
Name of the Vulnerable Software and Affected Versions: Quiz and Survey Master WordPress plugin versions prior to 10.2.3. Description: The Quiz and Survey Master (QSM) WordPress plugin does not have Cross-Site Request Forgery (CSRF) checks in place when updating its settings. This could allow attackers...
The vulnerability of the Site Survey web interface of the Intelbras RX 1500 and RX 3000 software allows attackers to perform cross-site scripting attacks.
The vulnerability of the Site Survey web interface of the Intelbras RX 1500 and RX 3000 software lies in the lack of measures taken to neutralize special elements during the processing of ESSID identifiers. Exploiting this vulnerability allows a remote attacker to perform domain-external attacks ...
TESI Gandia Integra Total SQL Injection Vulnerability
TESI Gandia Integra Total is a Web-based online survey and data analysis system from TESI Spain. A SQL injection vulnerability exists in TESI Gandia Integra Total versions 2.1.2217.3 through 4.4.2236.1, which originates from an SQL injection of the parameter idestudio in the file...
Belkin F9K1122 Security Vulnerability
The Belkin F9K1122 is a WiFi signal extender. The Belkin F9K1122 suffers from a stack buffer overflow vulnerability caused by improper handling of the parameter submit-url-ok in the file /goform/formBSSetSitesurvey, for which no detailed information is provided...
BIT-LIMESURVEY-2024-42901
A CSV injection vulnerability in LimeSurvey v6.5.12 allows attackers to execute arbitrary code by uploading a crafted CSV file...
The vulnerability of the formSetWizard1() function in the /goform/formWlSiteSurvey file of the D-Link DIR-619L router’s software, which allows a hacker to cause a service failure.
The vulnerability of the formSetWizard1 function in the /goform/formWlSiteSurvey file of the D-Link DIR-619L router’s software is caused by an operation writing beyond the bounds of a memory buffer when processing the curTime parameter. Exploiting this vulnerability could allow an...
CVE-2025-6939
A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...
TOTOLINK A3002RU Security Vulnerability
TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. The TOTOLINK A3002RU version 3.0.0-B20230809.1615 suffers from a buffer overflow vulnerability, which originates from the parameter submit-url in the file /boafrm/formWlSiteSurvey failing to correctly validate t...
CVE-2025-6825
A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer...
D-Link DIR-619L formWlSiteSurvey File Buffer Overflow Vulnerability
The D-Link DIR-619L is a wireless router designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability, which originates from the failure of the parameter...
Fairness and Bias in Algorithmic Hiring: a Multidisciplinary Survey
Employers are adopting algorithmic hiring technology throughout the recruitment pipeline. Algorithmic fairness is especially applicable in this domain due to its high stakes and structural inequalities. Unfortunately, most work in this space provides partial treatment, often constrained by two...
CVE-2025-6485
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack...
TOTOLINK A3002R Command Injection Vulnerability
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R suffers from a command injection vulnerability that stems from the parameter wlanif in the file /boafrm/formWlSiteSurvey failing to correctly filter constructed command special characters, commands, a...
A Survey of Foundation Models for IoT: Taxonomy and Criteria-Based Analysis
Foundation models have gained growing interest in the IoT domain due to their reduced reliance on labeled data and strong generalizability across tasks, which address key limitations of traditional machine learning approaches. However, most existing foundation model based methods are developed fo...
A Halpha Metric for Identifying Dormant Black Holes in X-Ray Transients
Dormant black holes (BHs) in X-ray transients can be identified by the presence of broad Hα emission lines from quiescent accretion discs. Unfortunately, short-period cataclysmic variables (CVs) can also produce broad Hα lines, especially when viewed at high inclinations, and are thus a major source ...
WordPress plugin Poll, Survey & Quiz Maker Plugin by Opinion Stage Security Vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Poll, Survey & Quiz Maker Plugin...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: wifi: wcn36xx: fix the memory allocation size for channel survey. KASAN reported a memory allocation issue in wcn->chan_survey, due to incorrect size calculations. This commit uses kcalloc to allocate memory for wcn->chan_survey,...
CVE-2024-37395
A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by...
User Perceptions and Attitudes toward Untraceability in Messaging Platforms
Mainstream messaging platforms offer a variety of features designed to enhance user privacy, such as disappearing messages, password-protected chats, and end-to-end encryption (E2EE), which primarily protect message contents. Beyond contents, the transmission of messages generates metadata that can...