CVE-2025-57798 Joplin has Denial of Service (DoS) via Uncontrolled Resource Allocation through Title Input

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

CVE-2025-63029 WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

CVE-2025-63029 WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

CVE-2025-63029

Summary: CVE-2025-63029 is an SQL Injection vulnerability in the WordPress WCFM Marketplace plugin (also described as WC Lovers WCFM Marketplace) affecting versions up to 3.7.1. The root cause is improper neutralization of special elements in SQL commands. The NVD/CVE records confirm the issue an...

PT-2026-33097

Name of the Vulnerable Software and Affected Versions WCFM Marketplace versions n/a through 3.7.1 Description Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, allows for the execution of unauthorized SQL commands. Recommendations At the moment, ther...

WordPress WP Responsive Recent Post Slider/Carousel plugin <= 3.7.1 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP Responsive Recent Post Slider/Carousel versions = 3.7.1...

CVE-2026-24974

Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through = 3.7.1...

CVE-2026-24974

Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through = 3.7.1...

CVE-2026-24973 WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a through = 3.7.1...

CVE-2026-24973 WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a through = 3.7.1...

CVE-2026-24973

CVE-2026-24973 affects CitiLights (NooTheme) on WordPress: Reflected XSS in noo-citilights up to v3.7.1. Root cause is improper input neutralization during web page generation. Wordfence notes it as patched; remediation is available (no public details on exact patched version in provided sources).

WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CitiLights versions = 3.7.1...

CVE-2022-23740

CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This...

Incorrect Authorization

Overview actingweb is a The official ActingWeb library Affected versions of this package are vulnerable to Incorrect Authorization due to unsafe permission-override merge semantics in the mergepermissions function in actingweb/trustpermissions.py. When individual trust relationship overrides are...

WordPress plugin BSK PDF Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. WordPress plugin BSK...

Important: git-lfs

Issue Overview: Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symboli...

[SECURITY] Fedora 43 Update: git-lfs-3.7.1-1.fc43

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...

Linux Distros Unpatched Vulnerability : CVE-2025-26625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the content...

BIT-GIT-LFS-2025-26625 Git LFS may write to arbitrary files via crafted symlinks

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...