66 matches found
CVE-2025-24903
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...
WordPress PostLists plugin <= 2.0.2 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin PostLists versions <= 2.0.2...
WordPress ABCBiz Addons and Templates for Elementor plugin <= 2.0.2 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by Gab (Patchstack Alliance) in WordPress Plugin ABCBiz Addons and Templates for Elementor versions <= 2.0.2...
WordPress WordPress GDPR plugin <= 2.0.2 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by István Márton in WordPress Plugin WordPress GDPR & CCPA versions <= 2.0.2...
WordPress LGPD Framework plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin LGPD Framework versions <= 2.0.2...
Liferay Portal and Liferay DXP cross-site request forgery vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DX...
Important: dotnet6.0
Issue Overview: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487) Affected Packages: dotnet6.0. Issue Correction: Run dnf update dotnet6.0...
PT-2023-25220 · Iq Wifi 6 · Iq Wifi 6
Name of the Vulnerable Software and Affected Versions: IQ Wifi 6 versions prior to 2.0.2 Description: An unauthorized user could gain account access by conducting a brute force authentication attack. Recommendations: For IQ Wifi 6 versions prior to 2.0.2, update to version 2.0.2 or later to resol...
CVE-2023-3640 Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...
CVE-2023-21769 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
...
PT-2023-10236 · Little Apps · Little Apps Little Software Stats
Name of the Vulnerable Software and Affected Versions: Little Apps Little Software Stats versions prior to 0.2 Description: A critical issue was found in the Password Reset Handler component, specifically in the file inc/class.securelogin.php, leading to improper access controls. The complexity o...
CVE-2022-33198
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress...
HashiCorp go-getter command injection vulnerability
HashiCorp go-getter is a HashiCorp library for Go (golang) for downloading files or directories from various sources using URLs as the primary form of input. A command injection vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the presence of a comman...
CVE-2021-37569
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write...
CVE-2021-37570
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read...
SUSE-SU-2021:1637-1 Security update for python-httplib2
This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header bsc1182053. - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body bsc1171998...
IBM Security Guardium Insights information disclosure vulnerability
IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. An information disclosure vulnerability exists in IBM Security Guardium Insights 2.0.2. A remote attacker could exploit this...
DEBIAN-CVE-2020-12872
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0...
PT-2020-10763 · Trustwave +1 · Opendmarc +1
Name of the Vulnerable Software and Affected Versions: OpenDMARC versions 1.3.2 and 1.4.x Description: The issue allows attacks to bypass SPF and DMARC authentication when the HELO field is inconsistent with the MAIL FROM field, specifically when OpenDMARC is used with pypolicyd-spf 2.0.2...
CVE-2020-5521
The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...