
5 matches found

Vulnrichment
added 2025/11/11 3:30 a.m. · 2 views

CVE-2025-12590 YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...

CVSS 6.1 · AI score 4.6 · EPSS 0.00016
Exploits: 0 · References: 3
CVE
added 2025/11/11 3:30 a.m. · 9 views

CVE-2025-12590

CVE-2025-12590 applies to the WordPress YSlider plugin (all versions up to 1.1). The issue is a CSRF that enables Stored Cross-Site Scripting due to missing nonce verification on the content configuration page and insufficient input sanitization/output escaping. An unauthenticated attacker can fo...

CVSS 6.1 · AI score 4.6 · EPSS 0.00016
Exploits: 0 · References: 3
CNNVD
added 2025/10/15 12:0 a.m. · 1 views

F5 BIG-IP Security Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP that originates from the presence of a malformed JSON schema in the JSON content...

CVSS 8.7 · AI score 6.5 · EPSS 0.00036
Exploits: 0 · References: 1
The Hacker News
added 2024/07/24 8:32 a.m. · 44 views

CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. "On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration...

AI score 7.3
Exploits: 0
Positive Technologies
added 2022/06/06 12:0 a.m. · 1 views

PT-2022-20463 · Vapor · Vapor

Name of the Vulnerable Software and Affected Versions: Vapor versions prior to 4.61.1 Description: The issue is related to unbounded, attacker-controlled stack growth, which can lead to a stack overflow and a process crash when using automatic content decoding. An attacker can craft a request bod...

CVSS 7.5 · AI score 7.5 · EPSS 0.00419
Exploits: 1 · References: 7