2766 matches found
PT-2025-21195 · Drupal · Enterprise Mfa - Tfa For Drupal
Name of the Vulnerable Software and Affected Versions: Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x; Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x. Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability in...
Alibaba Cloud Linux 3 : 0052: c-ares (ALINUX3-SA-2023:0052)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0052 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-32067: c-ares is an asynchronous resolver...
Alibaba Cloud Linux 3 : 0192: git-lfs (ALINUX3-SA-2024:0192)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0192 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-34156: Calling Decoder.Decode on a message...
Alibaba Cloud Linux 3 : 0018: sqlite (ALINUX3-SA-2024:0018)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0018 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-7104: A vulnerability was found in SQLite...
Alibaba Cloud Linux 3 : 0266: grafana-pcp (ALINUX3-SA-2024:0266)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0266 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-9355: A vulnerability was found in Golang...
Alibaba Cloud Linux 3 : 0152: python-lxml (ALINUX3-SA-2023:0152)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0152 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-43818: lxml is a library for processing XM...
Alibaba Cloud Linux 3 : 0146: expat (ALINUX3-SA-2024:0146)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0146 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-52425: libexpat through 2.5.0 allows a...
Alibaba Cloud Linux 3 : 0056: patch (ALINUX3-SA-2022:0056)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0056 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-13636: In GNU patch through 2.7.6, the...
CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...
2025-05 .NET 8.0.16 Security Update for x64 Client (KB5059200)
2025-05 .NET 8.0.16 Security Update for x64 Client KB5059200...
50,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Uncanny Automator WordPress Plugin
In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On April 26th, 2024, we received a submission for an authenticated PHP...
82,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in TheGem WordPress Theme
In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On May 4th, 2025, we received a submission for an Arbitrary File Upload...
WordPress LightPress Lightbox plugin < 2.3.4 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin WP jQuery Lightbox versions < 2.3.4...
PT-2025-20727 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version V15.03.06.46. Description: The issue is related to a Buffer Overflow in the formSetPPTPUserList handler. This occurs via the list POST parameter. Recommendations: For Tenda AC10 version V15.03.06.46, as a temporary workaroun...
PT-2025-20566
Name of the Vulnerable Software and Affected Versions: Victure RX1800 version EN V1.0.0 r12 110933. Description: The issue is related to a weak default password used by the Victure RX1800, which includes the last 8 digits of the MAC address. Recommendations: For version EN V1.0.0 r12 110933, consider...
PT-2025-20454
Name of the Vulnerable Software and Affected Versions: WPBookit plugin for WordPress versions up to, and including, 1.0.2. Description: The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover. This is due to the plugin not properly validating a user's identity...
SUSE SLES15: kernel-livepatch-5_14_21-150500_55_88-default / etc (SUSE-SU-2025:1467-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1467-1 advisory. This update for the Linux Kernel 5.14.21-150500_55_88 fixes one issue. The following security issue was fixed: - CVE-2024-56650: netfilter: xtables: fix...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to bypass signature validation in XML data [CVE-2025-29774] [CVE-2025-29775]
Summary: Node.js module xml-crypto is used by IBM App Connect Enterprise Certified Container for handling XML data. IBM App Connect Enterprise Certified Container operands are vulnerable to signature validation bypass. This bulletin provides patch information to address the reported vulnerability ...
WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Job Portal versions <= 2.3.1...
CVE-2023-7303
CVE-2023-7303 affects the q2apro project, specifically the q2apro-on-site-notifications plugin up to version 1.4.6. The vulnerability resides in the process_request function of q2apro-onsitenotifications-page.php and enables cross-site scripting, with remote initiation possible. The advisory note...