562 matches found

Oracle Linux
added 2025/05/16 12:0 a.m., 11 views

redis:6 security update

6.2.18-1.0.1 - Build with 64k pages to support redis on both UEK6 and UEK7 on aarch64
6.2.18-1 - rebase to 6.2.18 for CVE-2025-21605...

7.5 CVSS, 7 AI score, 0.00824 EPSS
Exploits 0

CNNVD
added 2025/05/15 12:0 a.m., 1 views

WordPress plugin wp-connect security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.1 CVSS, 6.4 AI score, 0.00152 EPSS
Exploits 1, References 1

OSV
added 2025/05/12 10:15 p.m., 0 views

UBUNTU-CVE-2025-31205

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin...

6.5 CVSS, 7.1 AI score, 0.0037 EPSS
Exploits 0, References 4

CNNVD
added 2025/04/24 12:0 a.m., 1 views

WordPress plugin Vasaio QR Code cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

7.1 CVSS, 7.4 AI score, 0.00127 EPSS
Exploits 0, References 1

Patchstack
added 2025/04/22 4:58 p.m., 5 views

WordPress Booster for WooCommerce plugin <= 7.2.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Booster for WooCommerce versions <= 7.2.5...

7.1 CVSS, 6.1 AI score, 0.00152 EPSS
Exploits 0, Affected Software 1

CNNVD
added 2025/04/18 12:0 a.m., 2 views

Denkovi DAEnetIP4 METO security vulnerability

Denkovi DAEnetIP4 METO is a multifunctional 10/100 Mb Ethernet device IP controller from Denkovi for management and control. A security vulnerability exists in Denkovi DAEnetIP4 METO version 1.25, which stems from improper session management in the /loginok.htm endpoint, and could lead to a sessi...

9.8 CVSS, 6.6 AI score, 0.01681 EPSS
Exploits 0, References 1

OSV
added 2025/04/16 3:16 p.m., 1 views

UBUNTU-CVE-2025-22067

In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock(). If requested_clk > 128, cdns_mrvl_xspi_setup_clock() iterates over the entire cdns_mrvl_xspi_clk_div_list array without breaking out early, causing 'i' to go beyond the arr...

7.8 CVSS, 6.5 AI score, 0.00174 EPSS
Exploits 0, References 10

OSV
added 2025/04/15 9:16 p.m., 4 views

CVE-2025-30730

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Core. Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object...

7.5 CVSS, 7.1 AI score, 0.0037 EPSS
Exploits 0, References 1

CVE
added 2025/04/09 4:10 p.m., 56 views

CVE-2025-31017

CVE-2025-31017: Nav Menu Manager suffers an authenticated Stored XSS (CWE) in versions up to 3.2.5. The vulnerability can be exploited by an attacker with at least Contributor privileges via stored input that is rendered on web pages, potentially impacting confidentiality, integrity, and availabi...

6.5 CVSS, 7.2 AI score, 0.00313 EPSS
Exploits 0, References 1

Cvelist
added 2025/04/01 8:58 p.m., 14 views

CVE-2025-31534 WordPress Shopper plugin <= 3.2.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shopperdotcom Shopper shopper allows SQL Injection. This issue affects Shopper: from n/a through <= 3.2.5...

9.3 CVSS, 0.00396 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/04/01 8:58 p.m., 12 views

CVE-2025-31534 WordPress Shopper plugin <= 3.2.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shopperdotcom Shopper allows SQL Injection. This issue affects Shopper: from n/a through 3.2.5...

9.3 CVSS, 7.9 AI score, 0.00396 EPSS
Exploits 0, References 1

Cvelist
added 2025/04/01 2:52 p.m., 16 views

CVE-2025-31888 WordPress WP Multi Store Locator Plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Cross Site Request Forgery. This issue affects WP Multistore Locator: from n/a through <= 2.5.2...

4.3 CVSS, 0.00128 EPSS
Exploits 0, References 1

OSV
added 2025/04/01 7:15 a.m., 1 views

CVE-2024-12278

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping. This makes it possible...

6.1 CVSS, 7.4 AI score
Exploits 0, References 3

Patchstack
added 2025/03/27 9:0 p.m., 7 views

WordPress Kubio AI Page Builder plugin <= 2.5.1 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin Kubio AI Page Builder versions <= 2.5.1...

9.8 CVSS, 6.8 AI score, 0.76864 EPSS
Exploits 12, References 1, Affected Software 1

OSV
added 2025/03/25 10:15 a.m., 1 views

CVE-2024-53678

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement is not viewable by th...

8.8 CVSS, 5.8 AI score
Exploits 0, References 2

CNNVD
added 2025/03/21 12:0 a.m., 2 views

OpenSlides security vulnerability

OpenSlides is a free, web-based presentation and assembly system from OpenSlides Open Source. It is used to manage and project agendas, motions and elections for assemblies. A security vulnerability exists in versions of OpenSlides prior to 4.2.5 that stems from allowing the insertion of various...

6.1 CVSS, 5.8 AI score, 0.00221 EPSS
Exploits 1, References 2

GitHub Security Blog
added 2025/03/20 12:32 p.m., 19 views

Aim Excessive Data Query Operations in a Large Data Table vulnerability

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

7.5 CVSS, 7.1 AI score, 0.00549 EPSS
Exploits 1, References 3, Affected Software 1

Tenable Nessus
added 2025/03/05 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2020-25645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt...

7.5 CVSS, 6.6 AI score, 0.02358 EPSS
Exploits 1, References 3

Positive Technologies
added 2025/02/28 12:0 a.m., 3 views

PT-2025-9068 · WordPress · Order Attachments For Woocommerce

Name of the Vulnerable Software and Affected Versions: Order Attachments for WooCommerce plugin for WordPress version 2.5.1 and earlier Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, which can contain file...

7.5 CVSS, 9.4 AI score, 0.00438 EPSS
Exploits 0, References 10

SUSE Linux
added 2025/02/26 6:38 p.m., 0 views

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick (bsc#1230930); CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440). Other fixes: ruby/uri: Fix quadratic backtracking on invalid relative URI; ruby/time: Make RFC2822 rege...

8.3 CVSS, 7.4 AI score, 0.01429 EPSS
Exploits 0, References 8