23055 matches found

Patchstack
added 2025/12/31 12:0 a.m. | 3 views

WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Simplebooklet PDF Viewer and Embedder versions = 1.1.2...

CVSS 6.4 | AI score 5.3 | EPSS 0.00222
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2025/12/31 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-50883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Prevent decl_tag from being referenced in func_proto arg Syzkaller managed to hit another decl_tag issue: btf_func_proto_check kernel/bpf/btf.c:4506 inline...

AI score 5.6 | EPSS 0.00167
Exploits: 0 | References: 3
CVE
added 2025/12/30 12:23 p.m. | 9 views

CVE-2022-50883

CVE-2022-50883 concerns the Linux kernel, where a bpf-related vulnerability allowed a decl_tag to be referenced in a function prototype argument. The issue surfaces when parsing BTF/func_proto during bpf_btf_load and related paths, as Syzkaller traced an offending decl_tag usage through btf_func_...

AI score 6.1 | EPSS 0.00167
Exploits: 0 | References: 3
OSV
added 2025/12/30 12:21 p.m. | 4 views

CLSA-2025-1767090011 binutils: Fix of CVE-2025-11083

CVE-2025-11083: fix corrupt ELF section header handling...

CVSS 7.8 | AI score 6.4 | EPSS 0.0023
Exploits: 1 | References: 1
Cvelist
added 2025/12/30 12:15 p.m. | 27 views

CVE-2022-50862 bpf: prevent decl_tag from being referenced in func_proto

In the Linux kernel, the following vulnerability has been resolved: bpf: prevent decl_tag from being referenced in func_proto Syzkaller was able to hit the following issue: ------------ cut here ------------ WARNING: CPU: 0 PID: 3609 at kernel/bpf/btf.c:1946 btf_type_id_size+0x2d5/0x9d0...

EPSS 0.00155
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/30 1:2 a.m. | 11 views

CVE-2025-57462

Stored cross-site scripting (XSS) in MachSol MachPanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file...

CVSS 6.1 | AI score 6 | EPSS 0.00155
Exploits: 0 | References: 1
CNNVD
added 2025/12/30 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper BTF type checking, which may result in a kernel warning...

AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 4
Debian CVE
added 2025/12/29 7:9 p.m. | 3 views

CVE-2025-68431

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in HeifPixelImage::overlay. The function computes a negative row length likely from an unclipped overlay rectangle or...

CVSS 7.1 | AI score 7.9 | EPSS 0.00267
Exploits: 1
EUVD
added 2025/12/29 3:30 p.m. | 3 views

EUVD-2025-205583

Reflected cross-site scripting (XSS) in MachSol MachPanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file...

CVSS 6.1 | AI score 5.9 | EPSS 0.00155
Exploits: 0 | References: 4
OSV
added 2025/12/29 10:6 a.m. | 5 views

CLSA-2025-1767002772 binutils: Fix of CVE-2025-11083

CVE-2025-11083: fix crash in linker for corrupt ELF input...

CVSS 7.8 | AI score 6.4 | EPSS 0.0023
Exploits: 1 | References: 1
Zero Day Initiative
added 2025/12/29 12:0 a.m. | 2 views

(0Day) FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SFD files...

CVSS 8.8 | AI score 7.2 | EPSS 0.00474
Exploits: 0
Positive Technologies
added 2025/12/29 12:0 a.m. | 3 views

PT-2025-53819

Name of the Vulnerable Software and Affected Versions: FontForge (affected versions not specified). Description: A flaw exists in FontForge due to insufficient validation of user-supplied data length before copying it into a heap-based buffer during the parsing of SFD files. This can allow a remote...

CVSS 8.8 | AI score 8.8 | EPSS 0.00579
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/29 12:0 a.m. | 3 views

PT-2025-53827

Name of the Vulnerable Software and Affected Versions: FontForge (affected versions not specified). Description: A flaw exists in FontForge related to parsing SFD files. The issue is a use-after-free condition resulting from a lack of validation before operating on an object. This can allow a remote...

CVSS 8.8 | AI score 8.6 | EPSS 0.00532
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/29 12:0 a.m. | 4 views

PT-2025-53821

Name of the Vulnerable Software and Affected Versions: FontForge (affected versions not specified). Description: A flaw exists in FontForge related to the parsing of SFD files. The issue is due to insufficient validation of user-supplied data length before copying it into a heap-based buffer,...

CVSS 8.8 | AI score 8.6 | EPSS 0.00579
Exploits: 0 | References: 2
Fedora
added 2025/12/28 1:9 a.m. | 8 views

[SECURITY] Fedora 43 Update: tkimg-2.1.0-1.fc43

This package contains a collection of image format handlers for the Tk photo image type, and a new image type, pixmaps...

CVSS 9.8 | AI score 7 | EPSS 0.00739
Exploits: 11
Fedora
added 2025/12/28 12:53 a.m. | 9 views

[SECURITY] Fedora 42 Update: tkimg-2.1.0-1.fc42

This package contains a collection of image format handlers for the Tk photo image type, and a new image type, pixmaps...

CVSS 9.8 | AI score 7 | EPSS 0.00739
Exploits: 11
OSV
added 2025/12/26 5:16 a.m. | 3 views

CVE-2025-8075

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...

CVSS 5.4 | AI score 5.8 | EPSS 0.00181
Exploits: 0 | References: 1
OSV
added 2025/12/25 10:16 a.m. | 2 views

CLSA-2025-1766657780 Fix CVE(s): CVE-2025-1181

SECURITY UPDATE: memory corruption when processing relocations for ELF files - debian/patches/CVE-2025-1181.patch: prevent illegal memory access when checking relocs in a corrupt ELF binary - CVE-2025-1181...

CVSS 5.1 | AI score 6.4 | EPSS 0.00657
Exploits: 1 | References: 1
SUSE CVE
added 2025/12/25 12:23 a.m. | 3 views

SUSE CVE-2025-68728

In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh expects a buffer from sb_getblk, that buffer may not be uptodate. We do not bring the buffer uptodate before setting...

CVSS 5.5 | AI score 6.6 | EPSS 0.00161
Exploits: 0 | References: 16
RedhatCVE
added 2025/12/24 10:29 p.m. | 2 views

CVE-2025-14411

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

CVSS 3.3 | AI score 3.2 | EPSS 0.00146
Exploits: 0 | References: 1