Apache HTTP Server, Remote Code Execution, CVE-2021-41773 (Critical)
How the Mentioned CVE Works: CVE-2021-41773 is a critical vulnerability in Apache HTTP Server 2.4.49. It arises due to improper […]
Adobe InDesign, Heap-based Buffer Overflow, CVE-2025-21123 (Critical)
How the CVE Works: CVE-2025-21123 is a critical heap-based buffer overflow vulnerability affecting Adobe InDesign Desktop versions ID20.0, ID19.5.1, and
Substance3D Designer, Out-of-Bounds Write Vulnerability, CVE-2025-21161 (Critical)
How the Mentioned CVE Works: CVE-2025-21161 is a critical out-of-bounds write vulnerability affecting Substance3D Designer versions 14.0.2 and earlier. This
Pebble Templates, Local File Inclusion (LFI), CVE-2024-XXXX (Critical)
How the CVE Works: The vulnerability arises when untrusted user input is used to create a PebbleTemplate using the PebbleEnginegetLiteralTemplate
IBC-Go, Non-deterministic JSON Unmarshalling, CVE-2025-004 (Critical)
How the CVE Works: The vulnerability in IBC-Go arises from the non-deterministic deserialization of IBC acknowledgements during JSON unmarshalling. This
Web Application, Improper Input Validation, CVE-2023-XXXX (Critical)
How the Mentioned CVE Works: The vulnerability arises due to improper validation of user input in the “Role” field on
Rancher, Authentication Bypass, CVE-2023-XXXX (Critical)
How the Mentioned CVE Works: The vulnerability in Rancher allows an unauthenticated attacker to list and delete CLI authentication tokens
MongoDB, Control Character Injection, CVE-2025-XXXX (High)
How the Mentioned CVE Works: The MongoDB Shell (mongosh) is vulnerable to control character injection via its autocomplete feature. This
Button Block, Missing Authorization Vulnerability CVE-2025-22787 (Critical)
2025-02-25 A critical vulnerability, identified as CVE-2025-22787, has been discovered in the Button Block plugin developed by bPlugins LLC. This
Moodle, IDOR Vulnerability CVE-2025-XXXX (Low Severity)
2025-02-24 Moodle, a widely used learning management system, has been found to have an Insecure Direct Object Reference (IDOR) vulnerability
Moodle, Vulnerability type CVE-2025-XXXX (Moderate)
2025-02-24 Moodle’s feedback response viewing and deletions did not respect Separate Groups mode. This vulnerability has been classified as moderate
Tarteaucitron, Cross-site Scripting (XSS) CVE (Low Severity)
2025-02-24 Summary: The article discusses a low-severity Cross-site Scripting (XSS) vulnerability in the tarteaucitronjs package, specifically affecting versions before 1.17.0.
Mattermost, Arbitrary File Read Vulnerability CVE-2025-XXXX (Critical)
2025-02-24 Mattermost, a popular collaboration platform, has been found to have a critical vulnerability that allows attackers to read arbitrary
DethemeKit For Elementor, Information Exposure Vulnerability CVE-2025-0661 (Medium Severity)
2025-02-24 The DethemeKit For Elementor plugin for WordPress is vulnerable to information exposure in all versions up to and including
Real Estate Property Management System, SQL Injection Vulnerability CVE-2025-1374 (Critical)
2025-02-24 A critical vulnerability, identified as CVE-2025-1374, has been discovered in the Real Estate Property Management System version 1.0 by
WordPress, Stored Cross-Site Scripting CVE-2025-1005 (Critical)
2025-02-24 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the plugin’s Image Accordion
WordPress, Unauthorized Settings Change Vulnerability CVE-2025-0935 (Critical)
2025-02-24 The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings changes due to a missing capability