UBUNTU-CVE-2025-40281

In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctptransportupdaterto syzbot reported a possible shift-out-of-bounds 1 Blamed commit added rtoalphamax and rtobetamax set to 1000. It is unclear if some sctp users are setting very...

CVE-2025-12879

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...

CVE-2025-13528

The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handleexport' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV or...

CVE-2025-59775

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

CVE-2025-12879 User Generator and Importer <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...

CVE-2025-12879

CVE-2025-12879 : WordPress plugin “User Generator and Importer” (

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced.

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before...

Updated libraw, digikam & darktable packages fix security vulnerabilities

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. CVE-2025-43961 In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult...

CVE-2025-66411

Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM, K8s Pod etc. or ...

CVE-2025-66411 Coder logged sensitive objects unsanitized

Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM, K8s Pod etc. or ...

CVE-2025-66411

Summary of CVE-2025-66411 (Coder) Coder prior to versions 2.26.5, 2.27.7, and 2.28.4 logs Workspace Agent manifests containing sensitive values in plaintext. This could allow an attacker with limited local access to a Coder Workspace (VM, Kubernetes Pod, etc.) or a connected logging system (e.g.,...

CVE-2025-66411 Coder logged sensitive objects unsanitized

Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM, K8s Pod etc. or ...

GHSA-JF75-P25M-PW74 Coder logs sensitive objects unsanitized

Summary Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized Details By default Workspace Agent logs are redirected to stderr https://github.com/coder/coder/blob/a8862be546f347c59201e2219d917e28121c0edb/cli/agent.goL432-L439 Workspace Agent Manifests containi...

CVE-2025-12585 MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...

CVE-2025-12585

The CVE-2025-12585 entry concerns the WordPress plugin MxChat – AI Chatbot (WordPress plugin). Affected software: MxChat plugin for WordPress, versions up to and including 2.5.5. Vulnerability type: Sensitive Information Exposure. Root cause: inadequate protection of sensitive data via upload fil...

EUVD-2025-200727

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...

PT-2025-48989

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.26.5 Coder versions prior to 2.27.7 Coder versions prior to 2.28.4 Description Coder enables organizations to set up remote development environments using Terraform. Before versions 2.26.5, 2.27.7, and 2.28.4, Workspa...

CVE-2025-66421

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

GHSA-6QJ9-2G9M-29X9 Tryton sao allows XSS because it does not escape completion values

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

Tryton sao allows XSS because it does not escape completion values

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...