CVE-2025-13371
CVE-2025-13371 refers to Money Space (Money Space) WordPress plugin. The vulnerability affects all versions up to 2.13.9 and arises from the plugin storing full card data (PAN, cardholder name, expiry, CVV) in WordPress post_meta encoded with base64, then embedding these values into the public ms...
PT-2026-1563
Name of the Vulnerable Software and Affected Versions: MoneySpace plugin for WordPress versions prior to 2.13.9. Description: The MoneySpace plugin for WordPress exhibits a sensitive information exposure issue. The plugin stores complete payment card details – including Primary Account Number (PAN),...
PT-2026-2205
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The credentials needed to access the device’s web server are transmitted in base64 within the HTTP headers. Base64 encoding is not a secure encryption method, allowing an attacker intercepting the we...
PT-2026-1674
Name of the Vulnerable Software and Affected Versions: SOCA Access Control System version 180612. Description: The SOCA Access Control System contains a cross-site scripting issue in the senddata POST parameter of the 'logged page.php' file. This allows attackers to inject malicious scripts by sendi...
WordPress plugin MoneySpace information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An information...
GHSA-4C5F-9MJ4-M247 flagd: Multiple Go Runtime CVEs Impact Security and Availability
Summary: In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd, the evaluation engine for OpenFeature. These CVEs primarily focus on Denial of Service (DoS) through resource exhaustion and Race Conditions in database handling. | CVE ID ...
[slackware-security] libpcap
New libpcap packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libpcap-1.10.6-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Fix OOBR and OOBW in pcap_ether_aton(). Fix a b...
PT-2026-23085
Name of the Vulnerable Software and Affected Versions: libsoup versions 2.4.1-2.74.3 through 2.4.1-2.74.3-17.1; libsoup versions 3.0.0-3.6.6 through 3.0.0-3.6.6-1.1. Description: The libsoup library contains flaws related to HTTP/1 request smuggling. Specifically, the soup_headers_parse function...
PT-2026-26138
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format also allows them to om...
PT-2026-4328
Name of the Vulnerable Software and Affected Versions: libexpat versions prior to 2.7.4. Description: The issue resides in the XML_ExternalEntityParserCreate function. It does not properly copy user data for unknown encoding handlers, potentially leading to memory corruption. Reports indicate a...
PT-2026-28803
Name of the Vulnerable Software and Affected Versions: tinyproxy versions up to and including 1.11.3. Description: An integer overflow in the HTTP chunked transfer encoding parser can lead to a denial of service (DoS). The issue arises because chunk size values are parsed without proper overflow...
PT-2026-26144
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...
PT-2026-3455
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.21.0. Description: FreeRDP is a free implementation of the Remote Desktop Protocol. The freerdp_bitmap_decompress_planar function does not properly validate the nSrcWidth and nSrcHeight parameters against...
PT-2026-6134
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw within the networking subsystem, specifically in the net/sched component related to the act_ife functionality. The issue arises from a potential NULL...
CVE-2021-47726
NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to...
CVE-2022-50861
In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder. The xdr_stream conversion inadvertently left some code that set the page_len of the send buffer. The XDR stream encoders should handle this automatically now. This oversight...
Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to Out-of-bounds Write via the utf_16le_to_utf_8_truncated function. An attacker can cause data to be written beyond the end of a buffer by triggering the conversion of Windows error messages containing characters that require 4-byte UTF-8...
PT-2025-54266
Name of the Vulnerable Software and Affected Versions: libpcap, affected versions not specified. Description: On Windows operating systems, a buffer overflow can occur when libpcap converts a Windows error message to UTF-8 if the message contains characters requiring 4 bytes in UTF-8 representation...
CVE-2025-14728
Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to...
CVE-2025-69211
Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...