Lucene search

1270 matches found

RedhatCVE
added 2025/02/05 2:59 p.m. · 9 views

CVE-2020-15131

In SLP Validate npm package slp-validate before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any ...

CVSS 7.5 · AI score 6.5 · EPSS 0.01036
Exploits 0

RedhatCVE
added 2025/02/05 2:15 p.m. · 5 views

CVE-2020-11072

In SLP Validate npm package slp-validate before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Th...

CVSS 8.6 · AI score 6.3 · EPSS 0.01036
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 5:40 a.m. · 5 views

CVE-2024-49623

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hasan movahed Duplicate Title Validate duplicate-title-validate allows Blind SQL Injection. This issue affects Duplicate Title Validate: from n/a through = 1.0...

CVSS 8.8 · AI score 5.9 · EPSS 0.00433
Exploits 0 · References 1

Positive Technologies
added 2025/01/28 12:00 a.m. · 4 views

PT-2025-2590 · Google · Android Wificonfigurationutil

Name of the Vulnerable Software and Affected Versions: Android WifiConfigurationUtil (affected versions not specified)
Description: A logic error in the code of WifiConfigurationUtil.java, specifically in the validateSsid function, could lead to a local denial of service due to a possible overflow ...

CVSS 5.3 · AI score 7 · EPSS 0.00203
Exploits 0 · References 7

OSV
added 2025/01/27 11:15 p.m. · 2 views

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 2

NVD
added 2025/01/27 11:15 p.m. · 16 views

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

CVSS 7.5 · EPSS 0.00536
Exploits 1 · References 2

CVE
added 2025/01/27 12:00 a.m. · 57 views

CVE-2024-57546

CMSimple v5.16 is affected by a vulnerability in the validate link function that can allow a remote attacker to obtain sensitive information and may enable SSRF. The issue stems from insufficient protection of internal data in the link validation path. Recommended temporary mitigation: disable th...

CVSS 7.5 · AI score 6.4 · EPSS 0.00536
Exploits 1 · References 2 · Affected Software 1

Oracle linux
added 2025/01/22 12:00 a.m. · 165 views

kernel security update

5.14.0-503.22.15.OL9
- Disable UKI signing Orabug: 36571828
- Update Oracle Linux certificates Kevin Lyons
- Disable signing for aarch64 Ilya Okomin
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237
- Update x509.genkey Orabug:...

CVSS 7 · AI score 7.1 · EPSS 0.00243
Exploits 0

OSV
added 2025/01/14 7:22 p.m. · 9 views

BIT-PHP-MIN-2021-21708 UAF due to php_filter_float() failing

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in...

CVSS 9.8 · AI score 9.5 · EPSS 0.03002
Exploits 1 · References 4

OSV
added 2025/01/11 1:15 p.m. · 9 views

AZL-56121 CVE-2024-47809 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference. This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling...

CVSS 5.5 · AI score 6.7 · EPSS 0.00217
Exploits 0 · References 1

Vulnrichment
added 2025/01/11 12:25 p.m. · 7 views

CVE-2024-47809 dlm: fix possible lkb_resource null dereference

In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference. This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling...

AI score 7.5 · EPSS 0.00217
Exploits 0 · References 5

Positive Technologies
added 2025/01/07 12:00 a.m. · 2 views

PT-2025-2733 · Ctfd · Ctfd

Name of the Vulnerable Software and Affected Versions: CTFd version 3.7.3
Description: The issue is related to the validate email function in CTFd/utils/validators/__init__.py, which allows attackers to cause a Regular expression Denial of Service (ReDoS) by providing a crafted string as an email...

CVSS 7.5 · AI score 6.8 · EPSS 0.00707
Exploits 0 · References 4

Positive Technologies
added 2025/01/04 12:00 a.m. · 2 views

PT-2025-4485 · Optimizely · Episerver.Cms.Core

Name of the Vulnerable Software and Affected Versions: Optimizely EPiServer.CMS.Core versions prior to 12.32.0
Description: A medium-severity issue exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types,...

CVSS 8 · AI score 7.5 · EPSS 0.00471
Exploits 0 · References 6

CNNVD
added 2025/01/03 12:00 a.m. · 5 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an out-of-bounds write vulnerability, which stems from a lack of boundary checking in the DevmemValidateFlags function of the devicemem_server.c file, which can be exploited by an attacker to caus...

CVSS 7.8 · AI score 7 · EPSS 0.00079
Exploits 0 · References 2

Snyk
added 2025/01/01 6:38 a.m. · 2 views

Race Condition

Overview: PSyclone is a compiler for Finite Element/Volume/Difference DSLs in Fortran. Affected versions of this package are vulnerable to Race Condition due to inadequate checks for pure procedure calls in loop parallelization. This vulnerability derives from the...

CVSS 8.3 · AI score 6.9
Exploits 0 · References 3

BDU FSTEC
added 2024/12/25 12:00 a.m. · 1 views

Vulnerability of RDMA/cma components of Linux operating system cores, allowing a hacker to trigger a service failure

The vulnerability of RDMA/cma components in Linux operating systems is related to memory leaks in the cma_validate_port function. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.2 · EPSS 0.00225
Exploits 0 · References 20 · Affected Software 4

Positive Technologies
added 2024/12/16 12:00 a.m. · 2 views

PT-2024-36274 · Unknown · Phuc Pham Multiple Admin Emails

Name of the Vulnerable Software and Affected Versions: Phuc Pham Multiple Admin Emails versions n/a through 1.0
Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows for Cross Site Request Forgery. This affects the multiple admin emails functionality...

CVSS 7.1 · AI score 7 · EPSS 0.0019
Exploits 0 · References 3

RedHat Linux
added 2024/12/11 4:16 p.m. · 1 views

php: Filter bypass in filter_var (FILTER_VALIDATE_URL)

A flaw was found in PHP. An early return in the filter_var (FILTER_VALIDATE_URL) function results in invalid user information (username + password part of URLs) being treated as valid user information. This issue impacts users who expect only completely valid URLs to be returned by filter_var...

CVSS 5.3 · AI score 6.4 · EPSS 0.12117
Exploits 1 · References 5

CNNVD
added 2024/11/23 12:00 a.m. · 3 views

WordPress plugin WP User Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 8 · EPSS 0.00366
Exploits 0 · References 2

Positive Technologies
added 2024/11/22 12:00 a.m. · 4 views

PT-2024-38656 · Special Minds Design · E-Commerce

Name of the Vulnerable Software and Affected Versions: Special Minds Design and Software e-Commerce versions prior to 22.11.2024
Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...

CVSS 6.5 · AI score 8.7 · EPSS 0.00329
Exploits 0 · References 6