562 matches found
PT-2025-7736 · Unknown · Pathomation
Name of the Vulnerable Software and Affected Versions: Pathomation versions n/a through 2.5.1. Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicious script...
PT-2025-7021 · Unknown · Contact Form With Shortcode
Name of the Vulnerable Software and Affected Versions: Contact Form With Shortcode versions n/a through 4.2.5. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This can be exploited...
CVE-2025-24903
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...
USN-6838-2 ruby2.3, ruby2.5 vulnerability
USN-6838-1 fixed CVE-2024-27281 in Ruby 2.7, Ruby 3.0, Ruby 3.1, and Ruby 3.2. This update provides the corresponding updates for Ruby 2.3 and Ruby 2.5. Original advisory details: It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked in...
WordPress WP Directorybox Manager plugin <= 2.5 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin WP Directorybox Manager versions <= 2.5...
WordPress plugin Auto SEO cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-5956 · Unknown · Phillip.Gooch Auto Seo
Name of the Vulnerable Software and Affected Versions: Phillip.Gooch Auto SEO versions n/a through 2.5.6. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web applicatio...
Security update for qemu
This update for qemu fixes the following issues: Update to version 8.2.5: target/loongarch: fix a wrong print in cpu dump; ui/sdl2: Allow host to power down screen; target/i386: fix SSE and SSE2 feature check; target/i386: fix xsave.flat from kvm-unit-tests; disas/riscv: Decode all of the pmpcfg and...
CVE-2025-0143
Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access...
WordPress Flexible Wishlist for WooCommerce plugin <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter vulnerability discovered by Tim Coen in WordPress Plugin Flexible Wishlist for WooCommerce versions <= 1.2.25...
Red Hat OpenShift Service Mesh environment issue vulnerability
Red Hat OpenShift Service Mesh is a suite of platforms for connecting, managing, and monitoring microservices-based applications from Red Hat USA. An environment issue vulnerability exists in Red Hat OpenShift Service Mesh versions 2.6.3 and 2.5.6, which stems from incorrect HTTP header handling ...
WordPress plugin ShipWorks Connector for Woocommerce cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...
WordPress plugin WP Job Portal security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-1760 · WordPress · Wp Job Portal
Name of the Vulnerable Software and Affected Versions: WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress versions up to, and including, 2.2.5. Description: The issue is related to Insecure Direct Object Reference due to missing validation on a user...
WordPress plugin Ultimate Auction cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Oracle iStore security vulnerability
Oracle iStore is an e-commerce product from Oracle Corporation USA. A security vulnerability exists in Oracle iStore. An attacker who exploits this vulnerability could gain access to critical data or full access to all Oracle iStore accessible data, as well as unauthorized update, insertion, or...
CVE-2024-54313
Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal. This issue affects FULL Customer: from n/a through 3.1.25...
CVE-2023-32798
Missing Authorization vulnerability in 10up Simple Page Ordering simple-page-ordering allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Page Ordering: from n/a through = 2.5.0...
WordPress plugin Accept Stripe Payments Using Contact Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Accept...
Malicious code in storage-atom (npm)
Source: ghsa-malware (1f8d850e9e2955072a6fa29c079bda39350473f9ba56b3efec63bcc7e283c563). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...