SUSE-SU-2025:3776-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2025-24294: resolv: insufficient checks on the length of a decompressed domain name when processing a DNS packet can lead to a denial of service due to excessive resource consumption bsc1246430...

WordPress Listify theme <= 3.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Listify versions = 3.2.5...

EUVD-2025-35555

Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through = 2.5.9...

CVE-2025-49376

Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through = 2.5.9...

CVE-2025-62606 my little forum vulnerable to SQL Injection in Bookmark Reordering via bookmarks parameter

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...

CVE-2025-49950 WordPress Official Integration for Billingo plugin <= 4.3.0 - Privilege Escalation vulnerability

Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation.This issue affects Official Integration for Billingo: from n/a through = 4.3.0...

CVE-2025-49950

CVE-2025-49950 affects the WordPress Official Integration for Billingo plugin. A missing authorization flaw enables privilege escalation in Official Integration for Billingo, affecting versions up to 4.2.5 (and related advisories reference stronger versions). Documented impact: privilege escalati...

CVE-2025-53041

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Shopping Cart. Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...

CVE-2025-47901

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5...

CVE-2025-11536 Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wpajaximportelementortemplate action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ma...

WordPress Element Pack Addons for Elementor plugin <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Blind Server-Side Request Forgery vulnerability discovered by LionTree in WordPress Plugin Element Pack Elementor Addons versions = 8.2.5...

CVE-2025-47900

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5...

CVE-2025-47902 SQL Injection in web resource

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5...

CVE-2025-10041 Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

Amazon Linux 2 : sox, --advisory ALAS2-2025-3032 (ALAS-2025-3032)

The version of sox installed on the remote host is prior to 14.4.1-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3032 advisory. A floating point exception divide-by-zero issue was discovered in SoX in functon startread of wav.c file. An attacker with a crafted w...

CVE-2025-11695

When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...

Linux Distros Unpatched Vulnerability : CVE-2022-50544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: host: xhci: Fix potential memory leak in xhciallocstreaminfo xhciallocstreaminfo allocates stream context array for streaminfo -streamctxarray with...

DEBIAN-CVE-2022-50511

In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for getdefaultfont Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds i...

EUVD-2025-31721

Malicious code in bioql PyPI...

EUVD-2025-27523

Malicious code in bioql PyPI...