Advisory ROSA-SA-2026-3229
Software: capstone 4.0.2; OS: ROSA-CHROME; unaffected versions: capstone-4.0.2-2; affected versions: capstone-4.0.2.2-2; CVE-ID: CVE-2025-67873; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC: Capstone is a disassembler framework. In versions up to and including 6.0.0.0-Alpha5, skipdata length was not checked...
PT-2026-6886
Name of the Vulnerable Software and Affected Versions: Bucketlister plugin for WordPress versions up to and including 0.1.5 Description: The software contains a SQL Injection issue through the category and id attributes within its shortcode. Insufficient escaping of user-supplied parameters and...
Advisory ROSA-SA-2025-3028
Software: webmin 2.510; OS: ROSA-CHROME; unaffected versions: webmin-2.510-1; affected versions: webmin-2.510-1; CVE-ID: CVE-2024-45692; BDU-ID: 2024-07424; CVE-Crit: HIGH; CVE-DESC: A vulnerability in the Webmin hosting control panel is related to a loop with an unreachable exit condition...
Mahara 24.04 < 24.04.1, 23.04 < 23.04.6 Information Disclosure Vulnerability
Mahara is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if...
VMware Fusion 13.0.x < 13.6.3 Multiple Vulnerabilities (VMSA-2025-0010)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 13.0.x prior to 13.6.3. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
PT-2025-16471 · Oracle · Jd Edwards Enterpriseone Tools
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.9.2 Description: The issue allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools, resulting in unauthorized access to critical da...
PT-2025-5502 · Unknown · Mikemmx Super Block Slider
Name of the Vulnerable Software and Affected Versions: mikemmx Super Block Slider versions through 2.7.9 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through...
PT-2025-4511 · Kentothemes · Kentothemes Justified Image Gallery
Name of the Vulnerable Software and Affected Versions: KentoThemes Justified Image Gallery versions prior to 1.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. Recommendations: For...
PT-2025-4547 · Greg Whitehead · Norse Rune Oracle Plugin
Name of the Vulnerable Software and Affected Versions: Greg Whitehead Norse Rune Oracle Plugin versions n/a through 1.4.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows for Cross Site Request Forgery. This means an attacker can trick a user into performing...
PT-2024-13637 · Unknown · Easy Social Feed
Name of the Vulnerable Software and Affected Versions: Easy Social Feed versions through 6.5.1 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through 6.5.1,...
PT-2024-34780 · Unknown · Gmo Social Connection
Name of the Vulnerable Software and Affected Versions: GMO Social Connection versions 1.2 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Cross-Site Scripting (XSS). This means an attacker could potentially trick a user into performi...
PT-2024-34300 · Unknown · All Post Contact Form
Name of the Vulnerable Software and Affected Versions: All Post Contact Form versions 1.7.3 and earlier Description: The issue affects the All Post Contact Form, allowing an unrestricted upload of files with dangerous types, such as a web shell, to a web server. This enables attackers to compromi...
PT-2024-33374 · WordPress · Ahmeti Wp Timeline
Name of the Vulnerable Software and Affected Versions: Ahmeti Wp Timeline versions prior to 5.1 Description: A Cross-Site Request Forgery (CSRF) issue exists in Ahmet Imamoglu Ahmeti Wp Timeline, allowing Stored XSS. Recommendations: For versions prior to 5.1, update to a version that includes a fi...
PT-2024-39704 · WordPress · Linkz.Ai
Name of the Vulnerable Software and Affected Versions: Linkz.ai plugin for WordPress versions up to, and including, 1.1.8 Description: The issue allows unauthorized modification of data due to a missing capability check on the ajax linkz function. This makes it possible for authenticated attacker...
PT-2024-6711
Name of the Vulnerable Software and Affected Versions: Google Chrome (affected versions not specified); Microsoft Edge (affected versions not specified) Description: The issue is related to incorrect security checks for standard elements in the V8 JavaScript engine handler. This could allow a remote...
PT-2024-31279 · WordPress · The Plus Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress versions up to, and including, 5.5.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient...
PT-2024-25847 · Unknown · Wp Post Author
Name of the Vulnerable Software and Affected Versions: WP Post Author versions 3.6.4 and earlier Description: The issue is related to a Missing Authorization vulnerability in AF themes WP Post Author. Recommendations: For WP Post Author versions 3.6.4 and earlier, update to a version that contain...
PT-2024-3008 · Microsoft +1 · Visual Studio +3
Name of the Vulnerable Software and Affected Versions: .NET Framework (affected versions not specified); .NET (affected versions not specified); Visual Studio (affected versions not specified) Description: The issue is related to the use of memory after it has been freed, which...
PT-2024-1337 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.35 and prior; MySQL Server versions 8.2.0 and prior Description: The issue is related to insufficient input validation in the Server: RAPID component of Oracle MySQL Server. It allows a low-privileged attacker with...
PT-2023-18620 · Unknown · Anders Thorborg
Name of the Vulnerable Software and Affected Versions: Anders Thorborg versions 1.4.12 and earlier Description: The issue is related to a Missing Authorization vulnerability in Anders Thorborg. This vulnerability allows unauthorized access. Recommendations: For versions 1.4.12 and earlier, update...