318 matches found

Circl
added 2025/05/13 3:31 p.m. | 2 views

CVE-2021-3305

creationtimestamp | type | source
---|---|---
2025-05-13 15:31:30+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/16154...

CVSS 7.8 | AI score 7.5 | EPSS 0.00349
Exploits 1 | References 1

OSV
added 2025/05/13 3:15 p.m. | 3 views

CVE-2025-22460

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges...

CVSS 7.8 | AI score 5.8 | EPSS 0.00328
Exploits 0 | References 1

Cvelist
added 2025/05/01 2:9 p.m. | 10 views

CVE-2022-49805 net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init()

In the Linux kernel, the following vulnerability has been resolved: net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init() lan966x_stats_init() calls create_singlethread_workqueue() and not checked the ret value, which may return NULL. And a null-ptr-deref may happen: lan966x_stats_init()...

EPSS 0.0014
Exploits 0 | References 2

RedhatCVE
added 2025/04/26 7:14 a.m. | 8 views

CVE-2023-43378

A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

CVSS 6.1 | AI score 5.7 | EPSS 0.00278
Exploits 1 | References 3

CNNVD
added 2025/04/24 12:0 a.m. | 2 views

WordPress plugin Twitter Card Generator Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 7.1 | AI score 7.3 | EPSS 0.00116
Exploits 0 | References 2

NVD
added 2025/04/22 6:15 p.m. | 5 views

CVE-2023-43378

A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

CVSS 6.1 | EPSS 0.00278
Exploits 1 | References 1

CNVD
added 2025/04/22 12:0 a.m. | 4 views

Tenda W12 Buffer Overflow Vulnerability

The Tenda W12 is a wireless router that provides wireless network connectivity. A buffer overflow vulnerability exists in Tenda W12 version 3.0.0.5, which originates from the cgiWifiRadioSet function in the /bin/httpd file that fails to properly validate input data when processing a specific...

CVSS 9.8 | AI score 7.7 | EPSS 0.0464
Exploits 1 | References 1

Circl
added 2025/04/18 3:59 p.m. | 2 views

CVE-2022-20533

creationtimestamp | type | source
---|---|---
2025-04-18 15:59:02+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12476...

CVSS 3.3 | AI score 4.2 | EPSS 0.00109
Exploits 0 | References 1

Cvelist
added 2025/04/09 4:9 p.m. | 12 views

CVE-2025-32676 WordPress Verowa Connect plugin <= 3.0.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect (verowa-connect) allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through <= 3.0.5...

CVSS 7.6 | EPSS 0.00412
Exploits 0 | References 1

CVE
added 2025/03/25 12:0 a.m. | 117 views

CVE-2025-27832

The CVE-2025-27832 issue affects Ghostscript prior to 10.05.0, specifically the NPDL device’s Compression buffer in contrib/japanese/gdevnpdl.c, which leads to a buffer/integer overflow. Public reports from multiple sources (e.g., ALAS/Amazon Linux advisories and Astra Linux bulletin) confirm the...

CVSS 9.8 | AI score 7.4 | EPSS 0.00775
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2025/03/20 12:0 a.m. | 1 views

Xpdf Security Vulnerability

Xpdf is a free PDF viewer and toolkit from Xpdf, Inc. that includes a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf 4.05 and earlier versions, which stems from an integer overflow checking error in the PostScript function interpreter code,...

CVSS 2.1 | AI score 4.6 | EPSS 0.0014
Exploits 0 | References 1

CNNVD
added 2025/03/20 12:0 a.m. | 3 views

PrivateGPT Cross-Site Scripting Vulnerability

PrivateGPT is an AI project open-sourced by Zylon. A cross-site scripting vulnerability exists in PrivateGPT version v0.5.0, which stems from cross-site scripting during file uploads, which allows an attacker to upload a malicious SVG file and execute JavaScript when the victim clicks on the file...

CVSS 6.1 | AI score 4.8 | EPSS 0.00306
Exploits 1 | References 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-24805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of...

CVSS 8.8 | AI score 7.4 | EPSS 0.01299
Exploits 0 | References 2

OSV
added 2025/02/24 11:15 p.m. | 2 views

AZL-57120 CVE-2025-27144 affecting package moby-containerd-cc for versions less than 1.7.7-9

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

CVSS 8.7 | AI score 6.7 | EPSS 0.00369
Exploits 0 | References 1

OSV
added 2025/02/24 11:15 p.m. | 4 views

AZL-57207 CVE-2025-27144 affecting package buildah 1.18.0-29

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

CVSS 8.7 | AI score 6.7 | EPSS 0.00369
Exploits 0 | References 1

OSV
added 2025/02/24 11:15 p.m. | 3 views

UBUNTU-CVE-2025-27144

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

CVSS 8.7 | AI score 6.8 | EPSS 0.00369
Exploits 0 | References 5

CNNVD
added 2025/02/14 12:0 a.m. | 12 views

Octokit Security Vulnerability

Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 9.0.5 through versions prior to 10.1.3, which stems from a regular expression denial of service (ReDoS) attack that can be caused by crafting a specific options parameter...

CVSS 5.3 | AI score 5.8 | EPSS 0.0058
Exploits 0 | References 3

OSV
added 2025/02/11 4:15 p.m. | 1 views

CVE-2024-11771

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality...

CVSS 5.3 | AI score 5.8 | EPSS 0.21975
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 10:50 p.m. | 8 views

CVE-2022-1711

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5...

CVSS 7.5 | AI score 6.8 | EPSS 0.05372
Exploits 1 | References 1

RedhatCVE
added 2025/02/05 12:38 a.m. | 5 views

CVE-2024-37486

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 3.0.5...

CVSS 7.6 | AI score 7.6 | EPSS 0.00745
Exploits 0 | References 1