10 matches found
WordPress plugin LearnPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Linux Distros Unpatched Vulnerability : CVE-2025-71242
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when...
CVE-2024-32444
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation. This issue affects RealHomes: from n/a through <= 4.3.6...
CVE-2024-32444 WordPress RealHomes theme <= 4.3.6 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.3.6...
Access Control Bypass
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to improper verification of message recipients in the non-respondents report feature. An attacker can send messages to arbitrary site users by exploiting this verification...
PT-2024-26583
Name of the Vulnerable Software and Affected Versions: Church Admin versions n/a through 4.3.6 Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker can potentially trick the server into making unauthorized requests, leading to various malicious outcomes...
PYSEC-2023-45
redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time in the case of a pipeline operation, and can send response data to the client of an unrelated request in an off-by-one manner. The fixed versions fo...
SUSE CVE-2017-3144
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond...
PT-2022-24856 · Unknown · Isolated-Vm
Name of the Vulnerable Software and Affected Versions: isolated-vm versions 4.3.6 and prior Description: The issue allows attackers to bypass the sandbox and run arbitrary code in the nodejs process if untrusted v8 cached data is passed to the API through CachedDataOptions. This can be exploited ...
BaserCMS Cross-Site Scripting and Remote Code Execution Vulnerabilities
BaserCMS is an open source enterprise-level content management system (CMS). A cross-site scripting and remote code execution vulnerability exists in the ThemeFilesController.php and UploaderFilesController.php components in baserCMS 4.3.6 and earlier versions. An attacker can exploit this...