Emlog Pro v2.1.14 - Cross-Site Scripting
Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...
Users Ultra <= 3.1.0 - SQL Injection
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...
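The pattern the advisory describes, as an added illustration that is not the Users Ultra plugin's own code: a WordPress AJAX handler that drops a request parameter straight into an SQL string, beside the same handler with type validation and a prepared statement. The handler and table names (`uu_ratingvote_*`, `uu_ratings`, the `target_id` column) are assumptions for the example; `$wpdb->prepare`, `$wpdb->get_var`, `absint`, `wp_unslash`, `wp_send_json_*` and the `wp_ajax_` / `wp_ajax_nopriv_` hooks are real WordPress APIs.

```php
<?php
// Added example, not the plugin's code. Handler, table and column names are
// assumptions; the WordPress functions and hooks used are real.

// Vulnerable form: datatarget is interpolated unescaped, so a value such as
//   1' OR '1'='1
// becomes part of the query syntax, and because the action is registered on
// wp_ajax_nopriv_ as well, an unauthenticated caller can supply it.
function uu_ratingvote_vulnerable() {
    global $wpdb;
    $target = $_POST['datatarget'];                       // untrusted, unsanitized
    $sql    = "SELECT COUNT(*) FROM {$wpdb->prefix}uu_ratings WHERE target_id = '$target'";
    $count  = $wpdb->get_var($sql);                       // runs attacker-shaped SQL
    wp_send_json_success(array('votes' => (int) $count));
}

// Hardened form: reject anything that is not a positive integer up front, then
// bind the value with $wpdb->prepare() so it can never be parsed as SQL.
function uu_ratingvote_hardened() {
    global $wpdb;
    if (!isset($_POST['datatarget'])) {
        wp_send_json_error('missing datatarget', 400);
    }
    $target = absint(wp_unslash($_POST['datatarget']));   // numeric id only
    if ($target === 0) {
        wp_send_json_error('invalid datatarget', 400);
    }
    $sql = $wpdb->prepare(
        "SELECT COUNT(*) FROM {$wpdb->prefix}uu_ratings WHERE target_id = %d",
        $target
    );
    wp_send_json_success(array('votes' => (int) $wpdb->get_var($sql)));
}

// An action that must stay reachable for logged-out visitors needs both hooks;
// the advisory notes the vulnerable action was exposed to both audiences.
add_action('wp_ajax_ratingvote',        'uu_ratingvote_hardened');
add_action('wp_ajax_nopriv_ratingvote', 'uu_ratingvote_hardened');
```

The `%d` placeholder does the same job as `%s` here but also enforces the integer type at the query layer; if the parameter legitimately had to be a string, `%s` with `prepare()` is still the correct binding, and `esc_sql()` alone is not a substitute for it.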
CVE-2026-22565
CVE-2026-22565: A vulnerability described as an improper input validation issue could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected products are UniFi Play PowerAmp (versions ≤ 1.0.35) and UniFi Play Audio Port (versions ≤ 1.0.24). ...
AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue
The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protecti...
CVE-2025-53013 Himmelblau offline auth permits authentication with invalid Hello PIN
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...
AMD SMM Vulnerabilities February 2025 Security Update
AMD has informed HP of potential vulnerabilities identified in some AMD client platform firmware components, which might allow arbitrary code execution. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerabilities. HP has...
CVE-2025-46337
A flaw was found in ADOdb, a PHP database abstraction library. The improper escaping of user-supplied input passed to the pginsertid function while connected to a PostgreSQL database poses a significant SQL injection risk. This flaw allows an attacker to execute arbitrary SQL statements. Mitigati...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
CVE-2024-53677 (S2-067) Security Notice: CVE-2024-53677...
CVE-2024-27981
CVE-2024-27981 describes a command injection vulnerability in the self-hosted UniFi Network Server software (Linux) running the UniFi Network Application
Low: perl-HTTP-Daemon
Issue Overview: HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl based...
Default coin spend limit was set wrong for ETH
Lines of code Vulnerability details Impact It is stated in the README that some spend limits are configured for the swaps. This is a security precaution to avoid spending too many tokens for the default 4 CANTO tokens in order to onboard the users if their balance is less than 4 tokens. As a...
CVE-2022-35975
CVE-2022-35975 affects the GitOps Tools Extension for VSCode. A specially crafted Flux object can cause remote code execution on the machine running VSCode in the context of the user, impacting users managing clusters shared among multiple users. The issue is described as improper object validati...
WordPress DZS Zoomsounds 6.45 Arbitrary File Read
Exploit Title: WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read Unauthenticated Google Dork: inurl:/wp-content/plugins/dzs-zoomsounds/ Date: 2/12/2021 Exploit Author: Uriel Yochpaz Vendor Homepage: https://digitalzoomstudio.net/docs/wpzoomsounds/ Software Link: Version: 1.10, 1.20, 1.30...
Siemens Siveillance Video DLNA Server
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Siveillance Video DLNA Server Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to sensitive information on the DLNA...
Intel Optane PMem Advisory - Lenovo Support US
No description provided...
Ubiquiti Inc.: Camera adoption DoS - UniFi Protect
A vulnerability was found in UniFi Protect v1.13.7 and earlier that would allow an attacker to use spoofed cameras to perform a denial-of-service attack that could cause the UniFi Protect controller to crash. This vulnerability is fixed in UniFi Protect v1.17.1 and later versions. Affected...
Lenovo Vantage Vulnerability - Lenovo Support US
Lenovo Security Advisory: LEN-38717 Potential Impact: Denial of Service Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2020-8346 Summary Description: A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation tha...
CVE-2020-8910
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...
CVE-2020-8923
CVE-2020-8923 describes an XSS in Dart via improper HTML sanitization that can be bypassed using DOM Clobbering. Affected: Dart SDK up to 2.7.1 and dev versions 2.8.0-dev.16.0. Impact: attacker can inject custom HTML/JavaScript when user-provided data populates DOM nodes. Mitigation: upgrade to ...