7830 matches found
CVE-2025-39455 WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location Variables (ip2location-variables) allows Reflected XSS. This issue affects IP2Location Variables: from n/a through <= 2.9.5...
Malicious code in helper-hoist-variables (npm)
Source: ghsa-malware (6d8c7136be25a9c380c74ba6c7a58d2114704c0b102b6362802aa21f7c7ee39f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3254 Malicious code in helper-hoist-variables (npm)
Source: ghsa-malware (6d8c7136be25a9c380c74ba6c7a58d2114704c0b102b6362802aa21f7c7ee39f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress plugin IP2Location Variables cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-17014 · Unknown · Ip2Location Variables
Name of the Vulnerable Software and Affected Versions: IP2Location Variables versions n/a through 2.9.5. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Reflected XSS. Recommendations: For versions n/a through 2.9.5, update to a version later than 2.9.5 to...
CVE-2025-32834
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariablesWithImport' method. This could allow an authenticated remote attacker to bypass authorization...
CVE-2025-22116
In the Linux kernel, the following vulnerability has been resolved: idpf: check error for register_netdev on init. Current init logic ignores the error code from register_netdev, which will cause WARN_ON on attempt to unregister it, if there was one, and there is no info for the user that the creatio...
PT-2025-16835 · Unknown · Telecontrol Server Basic
Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2. Description: A SQL injection vulnerability has been identified in the affected application through the internally used UpdateConnectionVariablesWithImport method. This could allow an...
[SECURITY] Fedora 42 Update: uboot-tools-2025.04-1.fc42
This package contains a few U-Boot utilities - mkimage for creating boot images and fw_printenv/fw_setenv for manipulating the boot environment variables...
CVE-2025-25013
Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack...
(Pwn2Own) Synology DiskStation DS1823xs+ Vue.JS Improper Neutralization of Argument Delimiters Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation DS1823xs+ devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the provided username during login. The...
CVE-2025-25013
CVE-2025-25013 affects Elastic Defend; the issue is improper restriction of environment variables, causing exposure of sensitive data (e.g., API keys/tokens) via unfiltered env vars transmitted to the stack. Reported CVSSv3.1: 6.5 (Medium), with network attack vector, low attack complexity, low p...
CVE-2025-25013 Elastic Defend Insertion of Sensitive Information into Log Files
Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack...
Elastic Defend 8.17.3 Security Update (ESA-2025-05)
Elastic Defend Insertion of Sensitive Information into Log Files ESA-2025-05 Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack. This...
Class Pollution
Mesop is vulnerable to Class Pollution. The vulnerability is due to insecure handling of global variables and class attributes due to the ability of attackers to overwrite them at runtime, leading to potential denial of service, identity confusion, or remote code execution...
PT-2025-15665 · Elastic · Defend
Name of the Vulnerable Software and Affected Versions: Elastic Defend, affected versions not specified. Description: The issue is related to the improper restriction of environment variables in Elastic Defend, which can lead to the exposure of sensitive information such as API keys and tokens. This...
Elastic Defend log information disclosure vulnerability
Elastic Defend is an application from the Dutch company Elastic. It provides prevention, detection and response capabilities, as well as deep visibility into EPP, EDR, SIEM and security analytics. A log information disclosure vulnerability exists in Elastic Defend versions prior to 8.17.3, which...
Zoom Workplace security vulnerability
Zoom Workplace Apps for Windows is an official suite of collaboration tools from Zoom that includes core features such as team chat, whiteboards, notes, and more, and is required to be used through a Zoom Meetings account. A security vulnerability exists in Zoom Workplace Apps for Windows, which...
SUSE CVE-2025-21998
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race. Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer...