WordPress Slek Gateway for WooCommerce plugin <= 1.0 - Unauthenticated Insufficiently Protected Credentials vulnerability

Unauthenticated Insufficiently Protected Credentials vulnerability discovered by KEVIN LEE crattack - OPCIA in WordPress Plugin Slek Gateway for WooCommerce versions = 1.0...

CVE-2025-58190 affecting package telegraf for versions less than 1.31.0-15

CVE-2025-58190 affecting package telegraf for versions less than 1.31.0-15. A patched version of the package is available...

CVE-2025-58183 affecting package containerized-data-importer for versions less than 1.57.0-17

CVE-2025-58183 affecting package containerized-data-importer for versions less than 1.57.0-17. A patched version of the package is available...

WordPress CTL Arcade Lite plugin <= 1.0 - Cross-Site Request Forgery to Plugin Activation and Deactivation vulnerability

Cross-Site Request Forgery to Plugin Activation and Deactivation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin CTL Arcade Lite versions = 1.0...

EUVD-2025-35343

The SM CountDown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's smcountdown shortcode in versions less than, or equal to, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

EUVD-2025-28735

Malicious code in bioql PyPI...

UBUNTU-CVE-2025-54145

The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability affects Firefox for iOS 141...

Drupal Single Content Sync module < 1.4.12 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability discovered by Dezső Biczó mxr576 in WordPress Module Single Content Sync versions 1.4.12...

Drupal Gif Player Field module < 1.5.0,2.0.0-2.0.3 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Gif Player Field versions 1.5.0,2.0.0-2.0.3...

PT-2025-4004 · Cesanta · Cesanta Frozen

Name of the Vulnerable Software and Affected Versions: Cesanta Frozen versions less than 1.7 Description: An Allocation of Resources Without Limits or Throttling issue allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input...

UBUNTU-CVE-2024-9392

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox 131, Firefox ESR 128.3, Firefox ESR 115.16, Thunderbird 128.3, and Thunderbird 131...

WordPress Popup Cart Lite for WooCommerce plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy Patchstack Alliance in WordPress Plugin Popup Cart Lite for WooCommerce versions = 1.1...

AZL-35431 CVE-2024-20328 affecting package clamav for versions less than 1.0.6-1

A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...

SUSE CVE-2023-6213

Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 120...