17 matches found
SPIP Saisies - Remote Code Execution
SPIP Saisies plugin 5.4.0 through 5.11.0 contains a remote code execution vulnerability caused by an unspecified flaw, letting attackers execute arbitrary code on the server; exploitation requires no special conditions. id: CVE-2025-71243 info: name: SPIP Saisies - Remote Code Execution author: omarkurt severity:...
Kirby Security Vulnerability
Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 had security vulnerabilities. These vulnerabilities stemmed from the ability to create, replace, and delete user avatars without restricting user update permissions...
Kirby Security Vulnerability
Kirby is a set of open-source content management systems based on files. Versions prior to Kirby 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from the ability to inject dynamic blueprint configurations during the creation of pages, files, and users, which may lead to...
VulnCheck KEV: CVE-2025-71243
The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later...
CVE-2026-32874 UltraJSON has a Memory Leak parsing large integers allows DoS
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing of large integers (outside of the range [-2^63, 2^64 - 1]). The leaked memory is a copy of the string form of the integer plus a...
SPIP Saisies 5.11.0 Remote Code Execution
This Metasploit module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requires a...
CVE-2025-71243
The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later...
Exploit for CVE-2025-71243
CVE-2025-71243 - SPIP Saisies Plugin Remote Code Execution...
UBUNTU-CVE-2022-28068
A heap buffer overflow in rsleb128 function in radare2 5.4.2 and 5.4.0...
PT-2023-12932 · Radare2 · Radare2
Name of the Vulnerable Software and Affected Versions: radare2 versions 5.4.0 through 5.4.2 Description: A heap buffer overflow issue exists in the vax opfunction of radare2. Recommendations: For versions 5.4.0 through 5.4.2, at the moment, there is no information about a newer version that...
Vulnerability fixed in WordPress Essential Addons For Elementor plugin
A vulnerability has been fixed in Essential Addons for Elementor, a popular WordPress plugin with more than a million active installations. The vulnerability allows unauthenticated malicious parties to reset the passwords of arbitrary users on the affected site, giving th...
IBM QRadar Network Security Trust Management Issue Vulnerability
IBM QRadar Network Security is a network security manager from IBM, USA, used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats. IBM QRadar Network...
Lua Resource Management Error Vulnerability
Lua is a lightweight, extended open source scripting language from the Lua team. Lua interpreter versions 5.4.0 through 5.4.3 are vulnerable to a resource management error, which can be exploited by attackers to perform a sandbox escape via a specially crafted script file...
ai.dstack:server-base-local (>=0.0.12 <=0.1.15), ai.hyacinth.framework:core-service-jpa-support (=0.5.24) +1905 more potentially affected by CVE-2020-25638 via org.hibernate:hibernate-core (>=5.4.0.Final <=5.4.23.Final)
org.hibernate:hibernate-core MAVEN version =5.4.0.Final, =0.0.12, =0.0.4, =3.7.0, =5.0.0, =5.0.0, =3.7.0, =5.0.0, =3.7.0, =5.1.0, =3.7.0, =5.2.1 and more Source cves: CVE-2020-25638 Source advisory: OSV:GHSA-J8JW-G6FQ-MP7H...
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-4152, CVE-2020-4160, CVE-2020-4153)
Summary IBM QRadar Network Security has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-4152 DESCRIPTION: IBM QRadar Network Security transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle...
CVE-2019-17338
The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0...
[PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip
PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2012-02 Released on: 21st March 2012 Affected products: libzip = 0.10 PHP 5.4.0 PHP = 5.3.10 zipruby = 0.3.6 Impact: heap overflow, information leak Credit: - Thomas Klausner - Timo Warns PRESENSE Technologies GmbH CVE...