20 matches found

Cvelist
added 2026/02/20 3:46 p.m. · 17 views

CVE-2025-67981 WordPress Besa theme <= 2.3.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion. This issue affects Besa: from n/a through <= 2.3.15...

CVSS 8.1 · EPSS 0.00056
Exploits: 0 · References: 1

Positive Technologies
added 2026/02/08 12:0 a.m. · 3 views

PT-2026-6966

Name of the Vulnerable Software and Affected Versions: Tenda TX9 versions up to 22.03.02.10 multi Description: A flaw exists in the Tenda TX9 device, specifically within the sub 432580 function located in the /goform/fast setting wifi set file. Manipulation of the ssid argument can lead to a buffer...

CVSS 9 · AI score 6 · EPSS 0.00112
Exploits: 1 · References: 12

Patchstack
added 2026/01/07 10:18 p.m. · 3 views

WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Block Slider versions <= 2.2.3...

CVSS 6.5 · AI score 7 · EPSS 0.00051
Exploits: 0 · Affected Software: 1

RedhatCVE
added 2026/01/03 10:4 p.m. · 4 views

CVE-2025-64121

Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass. This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1...

CVSS 10 · AI score 7 · EPSS 0.00086
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/14 3:22 a.m. · 5 views

CVE-2025-8462

The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 · AI score 6 · EPSS 0.00058
Exploits: 0 · References: 1

CNNVD
added 2025/06/26 12:0 a.m. · 1 views

WordPress plugin WP Masonry & Infinite Scroll cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 · AI score 5.8 · EPSS 0.00122
Exploits: 0 · References: 3

OSV
added 2025/04/09 8:15 p.m. · 1 views

CVE-2025-21595

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved...

CVSS 7.1 · AI score 5.7
Exploits: 0 · References: 1

Positive Technologies
added 2024/09/26 12:0 a.m. · 1 views

PT-2024-13336 · Ibm · Ibm Cloud Pak For Multicloud Management

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Multicloud Management versions 2.3 through 2.3 FP8 Description: The issue concerns the storage of user credentials in log files in plain clear text, which can be accessed by a privileged user. This results in the exposure of...

CVSS 4.9 · AI score 8.9 · EPSS 0.00125
Exploits: 0 · References: 7

OSV
added 2023/08/31 4:15 p.m. · 0 views

UBUNTU-CVE-2023-4682

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV...

CVSS 5.9 · AI score 5.8 · EPSS 0.00031
Exploits: 1 · References: 4

CNNVD
added 2023/06/14 12:0 a.m. · 1 views

Jenkins cross-site request forgery vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins version 2.399 and earlier, LTS version 2.387.3 and earlier. An attacker...

CVSS 8 · AI score 7.6 · EPSS 0.00158
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 3:42 a.m. · 1 views

SUSE CVE-2021-29611

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

CVSS 5.5 · AI score 5.5 · EPSS 0.00009
Exploits: 1 · References: 3

ATTACKERKB
added 2022/06/23 5:15 p.m. · 3 views

CVE-2022-34174

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...

CVSS 7.5 · AI score 6.8 · EPSS 0.00552
Exploits: 0 · References: 2

OSV
added 2022/01/19 12:15 p.m. · 0 views

CVE-2022-21251

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Instance Main). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2021/05/14 8:15 p.m. · 1 views

PYSEC-2021-741

TensorFlow is an end-to-end open source platform for machine learning. The implementation of ParseAttrValue (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attrvalueutil.ccL397-L453) can be tricked into stack overflow due to recursion...

CVSS 5.5 · AI score 5.9 · EPSS 0.0001
Exploits: 1 · References: 2

CNNVD
added 2021/04/20 12:0 a.m. · 1 views

Oracle E-Business Suite Oracle Trade Management Quotes security vulnerability

Oracle E-Business Suite is an extension of the original Application ERP, including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and so on, a collection of management software, is seamlessly integrated with a management suite. Oracle Trade...

CVSS 8.2 · AI score 5.6 · EPSS 0.01691
Exploits: 0 · References: 2

CNVD
added 2020/02/07 12:0 a.m. · 2 views

Openfiler Cross-Site Scripting Vulnerability

Openfiler is an open source network storage solution. A cross-site scripting vulnerability exists in admin/system.html in Openfiler version 2.3, which can be exploited by remote attackers to inject arbitrary Web script or HTML with the help of the 'device' parameter...

CVSS 6.1 · AI score 6.1 · EPSS 0.00495
Exploits: 1 · References: 1

RedHat Linux
added 2020/01/29 9:55 a.m. · 1 views

openjpeg: Heap-based buffer overflow in opj_t1_clbl_decode_processor()

A heap-based buffer overflow flaw was found in openjpeg in the opj_t1_clbl_decode_processor in libopenjp2.so. Affecting versions through 2.3.1, the highest threat from this vulnerability is to file confidentiality and integrity as well as system availability...

CVSS 7.5 · AI score 6 · EPSS 0.04773
Exploits: 1 · References: 4

OSV
added 2016/07/21 10:13 a.m. · 3 views

CVE-2016-3524

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Configuration...

CVSS 5.4 · AI score 5.8 · EPSS 0.00162
Exploits: 0 · References: 4

OSV
added 2016/01/29 12:0 a.m. · 1 views

UBUNTU-CVE-2016-0738

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL...

CVSS 7.5 · AI score 7.1 · EPSS 0.05795
Exploits: 0 · References: 4

Positive Technologies
added 2014/09/16 12:0 a.m. · 2 views

PT-2014-2315 · Zope +1 · Plone +1

Name of the Vulnerable Software and Affected Versions: Plone versions prior to 4.2.3 Plone version 4.3 before beta 1 Description: The issue allows remote attackers to execute Python code via a crafted URL, related to createObject. This is possible due to a flaw in the python scripts.py module...

CVSS 9.3 · AI score 6.5 · EPSS 0.01001
Exploits: 0 · References: 24