Tagged: Cybersecurity Alert

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their...

An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager’s ‘public-key authentication’ setting unintentionally re-adds a user’s id_rsa.pub key from their local Windows machine to the authorized_keys...

Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when...

School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter. More information : https://github.com/sanin-s1r3n/CVE-Research/blob/main/CVE-6

NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function. More information : https://github.com/Fysac/netsurf-disclosure/tree/main/CVE-2025-29699

An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure. More information : https://github.com/Fysac/netsurf-disclosure/tree/main/CVE-2025-45663

Missing Authorization vulnerability in d3wp WP Snow Effect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Snow Effect: from n/a through 1.1.15. More information : https://vdp.patchstack.com/database/wordpress/plugin/wp-snow-effect/vulnerability/wordpress-wp-snow-effect-plugin-1-1-15-broken-access-control-to-notice-dismissal-vulnerability?_s_id=cve

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the `mcp251x`...

A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote exploitation of...

Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.This issue affects CVLand: from 2.1.0 through 20251103. More information : https://www.usom.gov.tr/bildirim/tr-25-0371

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004). More information :...

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004)....

A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated...

A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java of the component Authentication Token Handler. Such manipulation leads to authorization bypass....