5 matches found
CVE-2025-13220
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...
CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
CVE-2025-26352
A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...
CVE-2025-26346
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserGroupMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google TensorFlow 2.11.0, which can be exploited by attackers to cause out-of-bounds memory reads or crashes...