EUVD-2025-29712
Malicious code in bioql PyPI...
CVE-2025-47213
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
CVE-2025-41092
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access time records details using unauthorised internal identifiers...
CVE-2025-41096
Summary: CVE-2025-41096 is an Insecure Direct Object Reference (IDOR) in Bold Workplanner, affecting versions prior to 2.5.25. The vulnerability arises from insufficient validation of user input, allowing an authenticated user to access the dates of current contract details using unauthorized int...
CVE-2025-41095 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access planning counter details using unauthorised internal identifiers...
Amazon Linux 2023 : openjpeg2, openjpeg2-devel, openjpeg2-tools (ALAS2023-2025-1198)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1198 advisory. openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. CVE-2025-50952 Tenable has extracted the preceding description block directly from the tested...
Linux Distros Unpatched Vulnerability : CVE-2025-58457
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Improper permission check in ZooKeeper AdminServer lets authorized clients run snapshot and restore command with insufficient permissions. This issue affects...
WordPress plugin SKT Blocks cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-58019
CVE-2025-58019 affects the Search Atlas SEO metasync used by the WordPress Search Atlas SEO plugin. It is a Stored Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation, as described in the initial document. The issue affects Search Atlas SEO versio...
CVE-2022-50378
In the Linux kernel, the following vulnerability has been resolved: drm/meson: reorder driver deinit sequence to fix use-after-free bug Unloading the driver triggers the following KASAN warning: +0.006275 ============================================================= +0.000029 BUG: KASAN:...
CVE-2022-50352
In the Linux kernel, the following vulnerability has been resolved: net: hns: fix possible memory leak in hnae_ae_register() Inject fault while probing module, if device_register() fails, but the refcount of kobject is not decreased to 0, the name allocated in dev_set_name() is leaked. Fix this by calling...
CVE-2023-53251
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() rxq can be NULL only when trans_pcie->rxq is NULL and entry->entry is zero. For the case when entry->entry is not equal to 0, rxq won't be NULL even if...
CVE-2022-50323
In the Linux kernel, the following vulnerability has been resolved: net: do not sense pfmemalloc status in skb_append_pagefrags() skb_append_pagefrags() is used by af_unix and udp sendpage implementation so far. In commit 326140063946 ("tcp: TX zerocopy should not sense pfmemalloc status") we explained why ...
CVE-2022-50267
In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_pci: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added...
CVE-2025-9979
CVE-2025-9979 concerns the Maspik WordPress plugin (versions up to 2.5.6). The root cause is missing capability checks in the Maspik_spamlog_download_csv function, enabling authenticated users with subscriber-level access and above to export the spam log database, which may contain misclassified ...
WordPress Maspik plugin <= 2.5.6 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export vulnerability
Authenticated (Subscriber+) Missing Authorization to Spam Log Export vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Maspik – Spam blacklist (versions <= 2.5.6)...
Baicells EG7035E-M11 cross-site scripting vulnerability
The Baicells EG7035E-M11 is an LTE base station from Baicells. A cross-site scripting vulnerability exists in the Baicells EG7035E-M11 BaiCEBM2.5.26NA version, which stems from improper input neutralization and could lead to a cross-site scripting attack...
CVE-2025-49401
Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation. This issue affects smart SEO: from n/a through <= 4.0...
CVE-2025-58625
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS. This issue affects WP Flow Plus: from n/a through <= 5.2.5...
PT-2025-36220
Name of the Vulnerable Software and Affected Versions: Thomas Harris Search Cloud One versions through 2.2.5 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). Recommendations: Update Thomas...