14 matches found

Patchstack
added 2026/02/04 7:5 a.m. · 4 views

WordPress WooCommerce Support Ticket System plugin <= 17.7 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Tonn in WordPress Plugin WooCommerce Support Ticket System versions <= 17.7...

8.8 CVSS · 8.4 AI score · 0.24483 EPSS
Exploits 0 · References 1 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-26216

Malicious code in bioql PyPI...

6.9 CVSS · 6.3 AI score · 0.0012 EPSS
Exploits 0 · References 4

CVE
added 2025/08/29 3:35 p.m. · 12 views

CVE-2025-55202

Opencast has a path traversal vulnerability in the UI configuration module present in version 18.0 and in prior 17.7 versions. The root cause is insufficient path validation where the file separator check is not applied, potentially allowing access to files in a different folder that shares a pre...

6.9 CVSS · 6.2 AI score · 0.0012 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2025/08/29 3:35 p.m. · 2 views

CVE-2025-55202 Opencast has a partial path traversal vulnerability in UI config

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

6.9 CVSS · 6.4 AI score · 0.0012 EPSS
Exploits 0 · References 5

Vulnrichment
added 2025/08/29 3:35 p.m. · 1 views

CVE-2025-55202 Opencast has a partial path traversal vulnerability in UI config

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

6.9 CVSS · 6.2 AI score · 0.0012 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/03/28 12:0 a.m. · 18 views

GitLab 17.7 < 17.8.6 / 17.9 < 17.9.3 / 17.10 < 17.10.1 (CVE-2025-0811)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site...

8.7 CVSS · 5.3 AI score · 0.00105 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2025/03/06 12:0 a.m. · 11 views

GitLab 17.5 < 17.6.5 / 17.7 < 17.7.4 / 17.8 < 17.8.2 (CVE-2025-1540)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible...

4.2 CVSS · 5.5 AI score · 0.00078 EPSS
Exploits 1 · References 4

OSV
added 2025/02/12 4:15 p.m. · 0 views

UBUNTU-CVE-2025-0516

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data...

4.3 CVSS · 5.8 AI score · 0.00028 EPSS
Exploits 1 · References 4

OSV
added 2024/11/09 4:15 a.m. · 2 views

CVE-2024-10625

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary...

9.1 CVSS · 6.4 AI score · 0.40624 EPSS
Exploits 0 · References 2

CNNVD
added 2024/11/09 12:0 a.m. · 1 views

WordPress plugin WooCommerce Support Ticket System path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exis...

8.8 CVSS · 8.4 AI score · 0.24483 EPSS
Exploits 0 · References 2

CNNVD
added 2024/11/09 12:0 a.m. · 3 views

WordPress plugin WooCommerce Support Ticket System code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

9.8 CVSS · 8.4 AI score · 0.11424 EPSS
Exploits 0 · References 2

Patchstack
added 2024/11/08 10:43 p.m. · 3 views

WordPress WooCommerce Support Ticket System plugin <= 17.7 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin WooCommerce Support Ticket System versions <= 17.7...

9.8 CVSS · 7 AI score · 0.11424 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/09/17 12:0 a.m. · 1 views

Apple iOS and Apple iPadOS security vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.7 and Apple iPadOS version 17.7, which originates from a...

7.5 CVSS · 6.1 AI score · 0.00164 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/12/30 12:0 a.m. · 3 views

PT-2022-6208 · Trend Micro · Trend Micro Maximum Security

Name of the Vulnerable Software and Affected Versions: Trend Micro Maximum Security version 17.7 Description: A vulnerability exists in Trend Micro Maximum Security wherein a low-privileged user can write a known malicious executable to a specific location. During the removal and restoration...

7 CVSS · 6.9 AI score · 0.0007 EPSS
Exploits 0 · References 6