23062 matches found

Vulnrichment
added 2025/11/20 7:10 p.m. | 2 views

CVE-2025-52666

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVSS: 2.7 | AI score: 3.8 | EPSS: 0.00366
Exploits: 1 | References: 1

Cvelist
added 2025/11/20 7:10 p.m. | 5 views

CVE-2025-52666

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVSS: 2.7 | EPSS: 0.00366
Exploits: 1 | References: 1

CVE
added 2025/11/20 7:10 p.m. | 13 views

CVE-2025-52666

Summary: CVE-2025-52666 affects Revive Adserver (versions 5.5.2, 6.0.1 and earlier). The issue is an improper neutralisation of format characters in the settings, which leads to a fatal PHP error that can cause the administrator user console to be disabled. The incident is described across multip...

CVSS: 2.7 | AI score: 6.4 | EPSS: 0.00366
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2025/11/20 3:50 p.m. | 5 views

USN-7877-1 libcupsfilters vulnerabilities

It was discovered that libcupsfilters incorrectly handled certain malformed TIFF image files. A remote attacker could use this issue to cause libcupsfilters to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-57812 It was discovered that libcupsfilters...

CVSS: 4 | AI score: 6 | EPSS: 0.00412
Exploits: 2 | References: 3

CNNVD
added 2025/11/20 12:0 a.m. | 3 views

Revive Adserver security vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

CVSS: 2.7 | AI score: 6.8 | EPSS: 0.00366
Exploits: 1 | References: 1

Positive Technologies
added 2025/11/20 12:0 a.m. | 3 views

PT-2025-47616

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVSS: 2.7 | AI score: 6.8 | EPSS: 0.00366
Exploits: 1 | References: 1

Tenable Nessus
added 2025/11/20 12:0 a.m. | 4 views

TencentOS Server 2: libxslt (TSSA-2025:0280)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0280 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00324
Exploits: 4 | References: 3

Tenable Nessus
added 2025/11/20 12:0 a.m. | 3 views

TencentOS Server 3: tar (TSSA-2023:0096)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0096 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.04524
Exploits: 1 | References: 3

Tenable Nessus
added 2025/11/20 12:0 a.m. | 4 views

TencentOS Server 3: gstreamer1-plugins-bad-free (TSSA-2023:0323)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0323 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.01744
Exploits: 0 | References: 2

GithubExploit
added 2025/11/19 7:16 a.m. | 155 views

nuclei2xray

Nuclei2Xray A tool written in Go language, used to convert Nu...

AI score: 5.8
Exploits: 0

OSV
added 2025/11/18 6:16 p.m. | 2 views

DEBIAN-CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decodedefinitelongstring function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00413
Exploits: 1 | References: 1

Cvelist
added 2025/11/18 9:27 a.m. | 10 views

CVE-2025-13069 Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass

The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.3. This is due to insufficient file type validation detecting ICO files, allowing double extension files with the appropriate magic bytes to bypass sanitizati...

CVSS: 8.8 | EPSS: 0.00562
Exploits: 0 | References: 3

CVE
added 2025/11/18 8:27 a.m. | 14 views

CVE-2025-12528

CVE-2025-12528 concerns the Pie Forms for WP WordPress plugin (versions <= 1.6). The issue is an Arbitrary File Upload due to insufficient file-type validation: validate_classic checks extensions but does not stop the upload, enabling unauthenticated attackers to upload dangerous extensions (e...

CVSS: 8.1 | AI score: 7.1 | EPSS: 0.00574
Exploits: 0 | References: 4

EUVD
added 2025/11/18 8:27 a.m. | 3 views

EUVD-2025-197948

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validate_classic method validates file extensions and sets error messages but does n...

CVSS: 8.1 | AI score: 7 | EPSS: 0.00574
Exploits: 0 | References: 5

OSV
added 2025/11/18 12:8 a.m. | 2 views

OSV-2025-906 Use-of-uninitialized-value in QImage::pixel

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=461199967 Crash type: Use-of-uninitialized-value Crash state: QImage::pixel XCFImageFormat::copyGrayAToRGB XCFImageFormat::copyLayerToImage...

AI score: 6.9
Exploits: 0 | References: 1

CNNVD
added 2025/11/18 12:0 a.m. | 3 views

WordPress plugin Enable SVG, WebP, and ICO Upload cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

CVSS: 6.4 | AI score: 5.7 | EPSS: 0.00194
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/18 12:0 a.m. | 3 views

PT-2025-47259

Name of the Vulnerable Software and Affected Versions: Pie Forms for WP plugin for WordPress versions prior to 1.7. Description: The Pie Forms for WP plugin for WordPress is susceptible to an Arbitrary File Upload issue through the format classic function. Insufficient file type validation within th...

CVSS: 8.1 | AI score: 7.7 | EPSS: 0.00574
Exploits: 0 | References: 8

Cvelist
added 2025/11/18 12:0 a.m. | 7 views

CVE-2025-56526

Cross site scripting XSS vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF...

EPSS: 0.00352
Exploits: 1 | References: 5

Positive Technologies
added 2025/11/18 12:0 a.m. | 4 views

PT-2025-47285

Name of the Vulnerable Software and Affected Versions: Enable SVG, WebP, and ICO Upload plugin for WordPress versions up to and including 1.1.2. Description: The Enable SVG, WebP, and ICO Upload plugin for WordPress is susceptible to arbitrary file upload due to insufficient file type validation whe...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00562
Exploits: 0 | References: 7

CVE
added 2025/11/18 12:0 a.m. | 9 views

CVE-2025-56526

CVE-2025-56526 concerns Kotaemon 0.11.0 and is described as a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary code through a crafted PDF rendered by Kotaemon. The published descriptor includes a CVSS 3.1 base score of 6.1 (Medium) with network attack ve...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00352
Exploits: 1 | References: 5 | Affected Software: 1