8202 matches found

Cvelist
added 2025/11/18 9:27 a.m. | 10 views

CVE-2025-13069 Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass

The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.3. This is due to insufficient file type validation detecting ICO files, allowing double extension files with the appropriate magic bytes to bypass sanitizati...

CVSS 8.8 | EPSS 0.00562
Exploits: 0 | References: 3

CNNVD
added 2025/11/18 12:0 a.m. | 3 views

WordPress plugin Enable SVG, WebP, and ICO Upload cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

CVSS 6.4 | AI score 5.7 | EPSS 0.00194
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/18 12:0 a.m. | 4 views

PT-2025-47285

Name of the Vulnerable Software and Affected Versions: Enable SVG, WebP, and ICO Upload plugin for WordPress versions up to and including 1.1.2. Description: The Enable SVG, WebP, and ICO Upload plugin for WordPress is susceptible to arbitrary file upload due to insufficient file type validation whe...

CVSS 8.8 | AI score 7.5 | EPSS 0.00562
Exploits: 0 | References: 7

Tenable Nessus
added 2025/11/18 12:0 a.m. | 5 views

Mozilla Firefox ESR < 52.8.1

The version of Firefox ESR installed on the remote Windows host is prior to 52.8.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2018-14 advisory. - A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with...

CVSS 8.8 | AI score 8.7 | EPSS 0.07666
Exploits: 1 | References: 2

Tenable Nessus
added 2025/11/18 12:0 a.m. | 5 views

Mozilla Firefox < 60.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 60.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-11 advisory. - Mozilla developers and community members Christoph Diehl, Christian Holler, Jon Coppeard, Jason Kratzer, Nath...

CVSS 10 | AI score 7.8 | EPSS 0.21288
Exploits: 5 | References: 28

Packet Storm News
added 2025/11/17 12:0 a.m. | 2 views

Average Hardness of SIVP for Module Lattices of Fixed Rank

The problem of finding short vectors in Euclidean lattices is a central hard problem in complexity theory. The case of module lattices (i.e., lattices which are also modules over a number ring) is of particular interest for cryptography and computational number theory. The hardness of finding short...

AI score 6.5
Exploits: 0

Packet Storm News
added 2025/11/16 12:0 a.m. | 4 views

Adaptive Dual-Layer Web Application Firewall (ADL-WAF) Leveraging Machine Learning for Enhanced Anomaly and Threat Detection

Web Application Firewalls are crucial for protecting web applications against a wide range of cyber threats. Traditional Web Application Firewalls often struggle to effectively distinguish between malicious and legitimate traffic, leading to limited efficacy in threat detection. To overcome these...

AI score 6.8
Exploits: 0

RedhatCVE
added 2025/11/15 12:47 a.m. | 16 views

CVE-2025-63830

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content...

CVSS 6.1 | AI score 6.3 | EPSS 0.00226
Exploits: 1 | References: 1

NVD
added 2025/11/14 6:15 p.m. | 7 views

CVE-2025-63830

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content...

CVSS 6.1 | EPSS 0.00226
Exploits: 1 | References: 2

Cvelist
added 2025/11/14 12:0 a.m. | 8 views

CVE-2025-63830

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content...

EPSS 0.00226
Exploits: 1 | References: 2

Vulnrichment
added 2025/11/14 12:0 a.m. | 7 views

CVE-2025-63830

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content...

AI score 5.9 | EPSS 0.00226
Exploits: 1 | References: 2

Positive Technologies
added 2025/11/14 12:0 a.m. | 6 views

PT-2025-46989

Name of the Vulnerable Software and Affected Versions: CKFinder version 1.4.3. Description: CKFinder 1.4.3 is susceptible to a Cross Site Scripting (XSS) issue within the File Upload function. An attacker can exploit this by uploading a specially crafted SVG file containing active content. The...

CVSS 6.1 | AI score 6.5 | EPSS 0.00226
Exploits: 1 | References: 6

CNNVD
added 2025/11/14 12:0 a.m. | 4 views

CKFinder security vulnerability

CKFinder is an intelligent WYSIWYG editor component with collaborative editing capabilities. A security vulnerability exists in CKFinder version 1.4.3, which stems from a cross-site scripting vulnerability in the file upload feature that could lead to the upload of malicious SVG files...

CVSS 6.1 | AI score 6.1 | EPSS 0.00226
Exploits: 1 | References: 3

Tenable Nessus
added 2025/11/14 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990922)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990922 advisory. In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release. The drvdata is not available in release. Let's just use...

CVSS 5.5 | AI score 6.1 | EPSS 0.00242
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/13 12:0 a.m. | 4 views

Siemens SIMATIC S7-1500 (CVE-2023-4807)

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

CVSS 7.8 | AI score 6.9 | EPSS 0.00862
Exploits: 0 | References: 11

EUVD
added 2025/11/12 4:47 p.m. | 2 views

EUVD-2025-148381

Malicious code in tealove-nameka5 npm...

AI score 6.6
Exploits: 0

RedHat Linux
added 2025/11/12 1:52 p.m. | 4 views

kernel: crypto: seqiv - Handle EBUSY correctly

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly. As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...

CVSS 7.8 | AI score 6.8 | EPSS 0.0015
Exploits: 0 | References: 5

RedhatCVE
added 2025/11/12 3:46 a.m. | 5 views

CVE-2025-12880

The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...

CVSS 5.4 | AI score 4.9 | EPSS 0.00139
Exploits: 0 | References: 1

RedHat Linux
added 2025/11/12 2:44 a.m. | 5 views

kernel: crypto: seqiv - Handle EBUSY correctly

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly. As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...

CVSS 7.8 | AI score 6.8 | EPSS 0.0015
Exploits: 0 | References: 5

OSV
added 2025/11/12 2:35 a.m. | 3 views

SUSE-SU-2025:4064-1 Security update for the Linux Kernel (Live Patch 60 for SUSE Linux Enterprise 15 SP3)

This update for the SUSE Linux Enterprise kernel 5.3.18-150300.59.215 fixes various security issues The following security issues were fixed: - CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path bsc1249841. - CVE-2022-50252: igb: Do not free qvector unless new one was allocated...

CVSS 7.8 | AI score 6.5 | EPSS 0.00288
Exploits: 0 | References: 12