36062 matches found
CVE-2025-64174
Magento-lts is a long-term support alternative to Magento Community Edition (CE). Versions 20.15.0 and below are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts...
EUVD-2025-38276
A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following...
CVE-2025-54167
A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following...
CVE-2025-54167 Notification Center
A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following...
CVE-2025-54167
CVE-2025-54167 is a cross-site scripting (XSS) vulnerability affecting QNAP Notification Center. The advisory bodies and connected sources confirm the issue exists in Notification Center components and versions prior to the fixed releases: 2.1.0.3443 and later, 1.9.2.3163 and later, and 3.0.0.3...
QNAP Notification Center Cross-Site Scripting Vulnerability
QNAP Notification Center is a system event alert and notification software from Taiwan, China-based QNAP Technology (QNAP). A cross-site scripting vulnerability exists in QNAP Notification Center versions 2.1.0.3443, 1.9.2.3163, and 3.0.0.3466, which stems from susceptibility to cross-site scriptin...
PT-2025-45431
Name of the Vulnerable Software and Affected Versions: Notification Center versions prior to 2.1.0.3443; Notification Center versions prior to 1.9.2.3163; Notification Center versions prior to 3.0.0.3466. Description: A cross-site scripting (XSS) issue exists in Notification Center. An attacker who...
xorg: xwayland: Use-after-free in XPresentNotify structure creation
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...
EUVD-2025-37973
The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_override=1. Because this value is...
CVE-2025-11271
The CVE-2025-11271 entry concerns WordPress Easy Digital Downloads (EDD) plugin versions up to and including 3.5.2. The vulnerability is an order verification bypass: the POST parameter verification_override=1 causes the verification check to be skipped unconditionally, enabling an attacker to su...
PT-2025-45174
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads versions up to and including 3.5.2. Description: The Easy Digital Downloads plugin for WordPress has a flaw that allows manipulation of orders. This is due to a bypass in order verification, which occurs when the...
CVE-2025-12412
The Top Bar Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the tbnajaxadd function. This makes it possible for unauthenticated attackers to update the plugin's setting...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989853)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989853 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990362)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990362 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a...
CVE-2025-55155 MantisBT: Authentication bypass for some passwords due to PHP type juggling
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing...
Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed
Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications,"...
WordPress Top Bar Notification plugin <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Top Bar Notification versions <= 1.12...
CVE-2025-12412
The CVE-2025-12412 entry concerns the WordPress Top Bar Notification plugin (versions