23 matches found
CVE-2025-39590
CVE-2025-39590 corresponds to a Stored XSS in WPDeveloper Essential Addons for Elementor (affected: versions n/a–6.1.9). The vulnerability stems from improper input neutralization during Web Page Generation, enabling stored cross-site scripting. CVSS v3.1 metrics indicate a Network attack vector,...
WordPress plugin Essential Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2025-30373 Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value
Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...
CVE-2025-30373
CVE-2025-30373 affects Graylog (Graylog2-server) starting with version 6.1, where HTTP Inputs can be configured to require a header/value for authentication. The flaw: when the required header is missing or has an incorrect value, the system returns HTTP 401 but ingests the message anyway, effect...
CVE-2024-37155 OpenCTI May Bypass Introspection Restriction
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed...
CVE-2023-44227
Missing Authorization vulnerability in Mitchell Bennis Simple File List.This issue affects Simple File List: from n/a through 6.1.9...
PT-2024-13180 · Mitchell Bennis · Simple File List
Name of the Vulnerable Software and Affected Versions: Simple File List versions 6.1.9 and earlier Description: The issue is related to a Missing Authorization vulnerability in Mitchell Bennis Simple File List. Recommendations: For versions 6.1.9 and earlier, update to a version that includes a f...
WordPress Plugin Simple File List 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
GSD-2023-1001913 tracing: Make sure trace_printk() can output as soon as it can be used
tracing: Make sure traceprintk can output as soon as it can be used This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.9 by commit...
PT-2023-35005 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: A potential issue in the Bluetooth implementation of the Linux Kernel may cause a deadlock in rfcomm sk state change. The actual impact and attack plausibility have not yet been proven...
PT-2023-34985 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue is related to the EDAC/qcom driver in the Linux Kernel, where the llcc driv data is passed as edac device ctl info's pvt info. The actual impact and attack plausibility have not yet...
PT-2023-34971 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue is related to the x86/i8259 legacy PIC interrupts, which are marked with IRQ LEVEL. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
PT-2023-35022 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue is related to the misuse of kvcalloc with GFP NOFAIL in erofs. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior t...
PT-2023-34996 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue is related to an error code in the thermal cooling device register function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2023-35021 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.2 through v6.1.8 Description: A potential security issue exists due to an ib block iterator counter overflow in the RDMA/core component. The actual impact and attack plausibility have not yet been proven...
PT-2023-34979 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: A use-after-free UaF issue exists in the netns ops registration error path. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prio...
CVE-2022-44120
dedecmdv6 6.1.9 is vulnerable to SQL Injection. via syssqlquery.php...
PT-2022-26792 · Dedecmdv6 · Dedecmdv6
Name of the Vulnerable Software and Affected Versions: dedecmdv6 version 6.1.9 Description: The issue allows for Arbitrary file deletion via the "file manage control.php" endpoint. Recommendations: For dedecmdv6 version 6.1.9, consider restricting access to the "file manage control.php" endpoint...
DedeCMS 安全漏洞
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...
CVE-2021-37713
The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...