WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP All Import versions = 4.0.1...

ROOT-OS-UBUNTU-2404-CVE-2025-40156 CVE-2025-40156 in rootio-linux - Patched by Root

Root has patched CVE-2025-40156 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVE-2026-7509

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

Northern.tech Mender Server 安全漏洞

Northern.tech Mender Server is an IoT server-side software developed by the American company Northern.tech. Versions of Northern.tech Mender Server such as 4.1.0, 4.0.1, and earlier have security vulnerabilities, which are due to a vulnerability that makes the system susceptible to directory...

CVE-2026-47069

CVE-2026-47069 describes a CRLF Injection in the Hackney library. The vulnerability arises from hackney_cookie:setcookie/3: Name/Value are checked for CRLF, but the domain and path options are concatenated into the output iolist without validation. An attacker controlling either option (e.g., Hos...

CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

BIT-JRE-2024-21003

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated...

PT-2026-37999

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated...

CVE-2025-47147

Cleartext Storage of Sensitive Information CWE-312 in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile...

PT-2026-22301

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

WordPress WP Ghost plugin <= 5.4.01 - Unauthenticated Limited File Read vulnerability

Unauthenticated Limited File Read vulnerability discovered by mikemyers in WordPress Plugin Hide My WP Ghost versions = 5.4.01...

WordPress WP jQuery DataTable plugin <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP jQuery DataTable versions = 4.0.1...

SUSE CVE-2025-60632

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the NpcfBDTPolicyControl API...

CVE-2025-40940

CVE-2025-40940 affects Siemens SIMATIC CN 4100 (all versions

CVE-2025-40937

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application do not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited...

CVE-2025-60632

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the NpcfBDTPolicyControl API...

CVE-2025-60632

Free5GC Fix for CVE-2025-60632: A DoS via crafted POST to Npcf_BDTPolicyControl API affects Free5GC v4.0.0/v4.0.1. The SNYK notes indicate improper handling in Npcf_BDTPolicyControl leading to availability impact. Remediation guidance from the connected SNYK reports recommends upgrading the affec...

AlmaLinux 10 : valkey (ALSA-2025:11401)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11401 advisory. redis: Redis Stack Buffer Overflow CVE-2025-27151 redis: Redis Unauthenticated Denial of Service CVE-2025-48367 redis: Redis Hyperloglog Out-of-Bounds...

EUVD-2025-31679

Malicious code in bioql PyPI...