CVE Alert: CVE-2024-38822
Vulnerability Summary: CVE-2024-38822 Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another...
Vulnerability Summary: CVE-2025-5815 The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing...
Vulnerability Summary: CVE-2025-5938 The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request...
Vulnerability Summary: CVE-2025-22236 Minion event bus authorization bypass. An attacker with access to a minion key can craft a message...
Vulnerability Summary: CVE-2025-5282 The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable...
Vulnerability Summary: CVE-2025-22242 Worker process denial of service through file read operation. A vulnerability exists in the Master's “pub_ret” method...
Vulnerability Summary: CVE-2024-38825 The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is...
Vulnerability Summary: CVE-2025-22240 Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is...
Vulnerability Summary: CVE-2024-38823 Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport. Affected Endpoints:...
Vulnerability Summary: CVE-2025-22241 File contents overwrite. The VirtKey class is called when “on-demand pillar” data is requested and uses un-validated...
Vulnerability Summary: CVE-2025-22237 An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a...
Vulnerability Summary: CVE-2025-22238 Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory...
Vulnerability Summary: CVE-2025-5923 The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter...
Vulnerability Summary: CVE-2025-22239 Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by an authorized minion...
Vulnerability Summary: CVE-2024-38824 Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory....
Vulnerability Summary: CVE-2025-48825 RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less...
Vulnerability Summary: CVE-2025-46783 Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this...
Vulnerability Summary: CVE-2025-39240 Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation....
Vulnerability Summary: CVE-2025-36506 External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions...
Vulnerability Summary: CVE-2025-6012 The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all...
Vulnerability Summary: CVE-2025-45986 Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4...
Vulnerability Summary: CVE-2025-45987 Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4...
Vulnerability Summary: CVE-2025-29902 Remote code execution that allows unauthorized users to execute arbitrary code on the server machine. Affected Endpoints:...
Vulnerability Summary: CVE-2025-45984 Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4...