48 matches found
WordPress plugin WP ULike security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2023-54168 RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() The ucmd->log_sq_bb_count variable is controlled by the user so this shift can wrap. Fix it by using check_shl_overflow() in the same way that it was done in commit 515f60004ed9 "RDMA/hn...
EUVD-2016-1813
Malware in sbrugna...
EUVD-2015-4628
Malware in sbrugna...
EUVD-2025-14293
Malicious code in bioql PyPI...
CVE-2025-30040
Technical details about CVE-2025-30040 are not publicly available in the provided connected documents. Monitor for updates from official advisories and EUVD entries.
GHSA-QR9H-J6XG-2J72
creationtimestamp | type | source
---|---|---
2025-07-09 18:57:07+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114824801590526083...
Authentication Bypass By Spoofing
Apache SeaTunnel is vulnerable to Authentication Bypass by Spoofing. The vulnerability is due to a hardcoded JWT key in the application, allowing an attacker to forge any token to log in as any user...
StoreFront Displays Incorrect Username
When there are multiple users with the same log on name in different domains, StoreFront displays incorrect name. For example, if the domain names are domain1\jdoe and domain2\jdoe for John Doe in domain 1 and Jane Doe in domain 2, StoreFront displays the incorrect display name when the user from...
Spoofing
The Login as User or Customer WordPress plugin through 3.8 does not prevent users from logging in as any other user on the site...
SUSE CVE-2006-3257
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php...
TeamPass stored cross-site scripting (XSS) vulnerability
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the...
OpenBMCS 2.4 - Information Disclosure
Exploit Title: OpenBMCS 2.4 - Information Disclosure Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System (BMCS). No matter what the size of your...
dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption...
dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption...
Apache NiFi user log out issue
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out t...
Cross site scripting
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125)...
Loadbalancer.org Enterprise VA MAX Cross Site Scripting
Title: Loadbalancer.org Enterprise VA MAX - Unauthenticated Stored XSS Author: Jakub Palaczynski Date: 24. July 2018 CVE: CVE-2018-18864 Affected product: Loadbalancer.org Enterprise VA MAX before 8.3.3 Impact: Remote Code Execution with root privileges. Vulnerability -...
Loadbalancer.org Enterprise VA MAX 8.3.2 Remote Code Execution
Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User Log". This way attacker can store JavaScript code that can for...
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User Log". This way attacker can...