1073 matches found
CLSA-2025-1762179793 glib2: Fix of CVE-2024-34397
CVE-2024-34397: fix GDBus signal subscriptions from unicast spoofing...
CVE-2025-11740
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
EUVD-2025-37420
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-11740
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-11740 wpForo Forum <= 2.4.9 - Authenticated (Subscriber+) SQL Injection
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-11740
CVE-2025-11740 affects WordPress plugin wpForo Forum,
PT-2025-44709
Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin for WordPress versions through 2.4.9. Description: The wpForo Forum plugin for WordPress is susceptible to SQL Injection through the Subscriptions Manager. Insufficient escaping of user-supplied parameters and inadequate...
EUVD-2025-35591
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The...
CVE-2025-62176 Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
EUVD-2013-1679
Malware in sbrugna...
EUVD-2021-11640
Malware in sbrugna...
EUVD-2013-1847
Malware in sbrugna...
EUVD-2021-21090
Malware in sbrugna...
EUVD-2012-1190
Malware in sbrugna...
EUVD-2012-5975
Malware in sbrugna...
EUVD-2008-0904
Malware in sbrugna...
EUVD-2007-4895
Malware in sbrugna...
EUVD-2008-0056
Malware in sbrugna...
A week in security (September 29 – October 5)
Last week on Malwarebytes Labs: From threats to apology, hackers pull child data offline after public backlash; Your Meta AI conversations may come back as ads in your feed; Scam Facebook groups send malicious Android malware to seniors; Sendit tricked kids, harvested their data, and faked messages,...
EUVD-2024-30515
Malicious code in bioql PyPI...