https://cve.p4nd4.land/rss/recent/github/10
Most recent entries from github
2025-04-29T10:12:48.515701+00:00
Vulnerability Lookup fkz@p4nd4.land
python-feedgen
Contains only the 10 most recent entries.

https://cve.p4nd4.land/vuln/ghsa-m6p3-qgmc-f6gj
ghsa-m6p3-qgmc-f6gj
2025-04-29T10:12:48.730125+00:00
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

https://cve.p4nd4.land/vuln/ghsa-mxv8-5c66-f89g
ghsa-mxv8-5c66-f89g
2025-04-29T10:12:48.730119+00:00
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec.

https://cve.p4nd4.land/vuln/ghsa-23jc-43ph-xg8h
ghsa-23jc-43ph-xg8h
2025-04-29T10:12:48.730114+00:00
An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

https://cve.p4nd4.land/vuln/ghsa-368f-pgc7-8c4c
ghsa-368f-pgc7-8c4c
2025-04-29T10:12:48.730108+00:00
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647.

https://cve.p4nd4.land/vuln/ghsa-6v6r-xmm5-77wp
ghsa-6v6r-xmm5-77wp
2025-04-29T10:12:48.730102+00:00
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php.

https://cve.p4nd4.land/vuln/ghsa-94m8-rgr8-rg5g
ghsa-94m8-rgr8-rg5g
2025-04-29T10:12:48.730096+00:00
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

https://cve.p4nd4.land/vuln/ghsa-j3qc-29cr-v3pc
ghsa-j3qc-29cr-v3pc
2025-04-29T10:12:48.730090+00:00
A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

https://cve.p4nd4.land/vuln/ghsa-65vr-4gg3-qw3m
ghsa-65vr-4gg3-qw3m
2025-04-29T10:12:48.730083+00:00
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

https://cve.p4nd4.land/vuln/ghsa-x5q5-67q5-j256
ghsa-x5q5-67q5-j256
2025-04-29T10:12:48.730072+00:00
The Gutenverse – Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's countdown Block in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

https://cve.p4nd4.land/vuln/ghsa-xp82-r324-2w4v
ghsa-xp82-r324-2w4v
2025-04-29T10:12:48.730018+00:00
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupress_reinstall_plugins_admin_ajax_cb' function in all versions up to, and including, 2.3.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins.