855 matches found
WordPress plugin Guest posting / Frontend Posting / Front Editor – WP Front User Submit Security Vulnerability
...
CVE-2025-2026
The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition. An authenticated...
CVE-2025-13029
The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users...
CVE-2025-2026
The CVE-2025-2026 entry affects the NPort 6100-G2/6200-G2 Series and is described in multiple sources (NVD, Red Hat advisories, others) as a high-severity issue where an authenticated remote attacker with web read-only privileges can perform a null byte injection via the device’s web API. Success...
EUVD-2025-205901
The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition. An authenticated...
Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series Security Vulnerability
The Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series are both a series of secure terminal servers from Moxa Corporation of Taiwan, China. A security vulnerability exists in the Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series that stems from a null byte injection in the device Web...
PT-2025-54289
The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition. An authenticated...
Synology BeeStation (BSM) Multiple Vulnerabilities (Synology_SA_24_21) - Active Check
Synology BeeStation (BSM) is prone to multiple vulnerabilities in the Synology Drive Server. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...
CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...
PT-2025-51902
Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.2 Safari versions prior to 26.2 Description A flaw exists due to improved URL validation. Specifically, on a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that...
CVE-2025-67641
The CVE-2025-67641 entry concerns the Jenkins Coverage Plugin (versions 2.3054.ve1ff7b_a_a_123b_ and earlier). The root cause is insufficient validation of the configured coverage results ID when creating coverage results, with validation only occurring during UI-based job configuration, enabling...
Synology DiskStation Manager (DSM) Privilege Escalation (Synology-SA-24:27) - Remote Known Vulnerable Versions Check
Synology DiskStation Manager (DSM) is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
GHSA-C6XV-RCVW-V685 Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web
Summary A Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind...
EUVD-2024-55300
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...
CVE-2024-5401
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...
CVE-2024-5401
CVE-2024-5401 affects Synology DiskStation Manager (DSM) WebAPI and Synology Unified Controller (DSMUC). The vulnerability is described as an improper control of dynamically-managed code resources in the WebAPI component, allowing remote authenticated users to obtain privileges without consent vi...