1139 matches found

ATTACKERKB
added 2025/04/25 3:15 p.m., 5 views

CVE-2025-32432

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity...

CVSS 10 | AI score 7.6 | EPSS 0.99734
In wild | Exploits 23 | References 8 | Affected Software 1

CVE
added 2025/04/15 9:53 p.m., 50 views

CVE-2025-26749

CVE-2025-26749: Stored XSS in WPFactory Additional Custom Product Tabs for WooCommerce (Authenticated) affects the WordPress plugin Additional Custom Product Tabs for WooCommerce, versions up to 1.7.0. Root cause is improper neutralization of input during web page generation, enabling stored cros...

CVSS 6.5 | AI score 7.2 | EPSS 0.00215
Exploits 0 | References 1

HackRead
added 2025/04/08 8:48 p.m., 22 views

Medusa Ransomware Claims NASCAR Breach in Latest Attack

Medusa ransomware hits NASCAR, demands $4M ransom, leaks internal files. Group also claims Bridgebank, McFarland, and Pulse Urgent Care...

AI score 7.4
Exploits 0

vulnersOsv
added 2025/04/02 3:31 p.m., 8 views

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +497 more potentially affected by CVE-2025-27622 +1 more via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.2)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-27622 https://vulners.com/cve/CVE-2025-2...

CVSS 4.3 | AI score 6.6 | EPSS 0.00684
Exploits 0

Vulnrichment
added 2025/03/31 10:23 p.m., 6 views

CVE-2025-30460

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data...

AI score 6.7 | EPSS 0.00678
Exploits 0 | References 3

OSV
added 2025/03/31 4:6 p.m., 4 views

CGA-QGR4-9FF9-9J58

Bulletin has no description...

CVSS 6.2 | AI score 7.2 | EPSS 0.00478
Exploits 0

Vulnrichment
added 2025/03/27 11:0 p.m., 9 views

CVE-2025-2878 Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting

A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database lea...

CVSS 4.8 | AI score 6.5 | EPSS 0.00274
Exploits 0 | References 4

NVD
added 2025/03/22 12:15 p.m., 11 views

CVE-2025-1971

The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level acces...

CVSS 7.2 | EPSS 0.00642
Exploits 0 | References 5

Github Security Blog
added 2025/03/19 1:37 a.m., 15 views

Additional TCA Allows Cross-Site Scripting (XSS)

A cross-site scripting (XSS) vulnerability has been discovered in the Additional TCA extension. This vulnerability is exploitable by a logged-in backend user utilizing the TYPO3 backend user interface. This user can create output in the HTML context by exploiting improperly encoded user input. Update...

AI score 5.8 | EPSS 0.0036
Exploits 0 | References 4 | Affected Software 1

Friends Of PHP
added 2025/03/18 9:27 a.m., 12 views

TYPO3-EXT-SA-2025-002: Cross-Site Scripting in extension “Additional TCA” (additional_tca)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-002...

AI score 6.8 | EPSS 0.0036
Exploits 0 | Affected Software 1

Rockylinux
added 2025/03/17 8:16 p.m., 4 views

runc security update

An update is available for runc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The runC tool is a lightweight, portable implementation of the Open Container...

CVSS 5.9 | AI score 6.9 | EPSS 0.00993
Exploits 0

OSV
added 2025/03/10 4:37 p.m., 3 views

CLSA-2025-1741624657 bind: Fix of CVE-2024-11187

CVE-2024-11187: fix Denial of Service via Additional Section Resource Exhaustion in BIND 9...

CVSS 7.5 | AI score 6.7 | EPSS 0.14257
Exploits 0 | References 1

RedHat Linux
added 2025/03/10 6:14 a.m., 4 views

firefox: Unexpected GC during RegExp bailout processing

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it...

CVSS 6.5 | AI score 7.3 | EPSS 0.00433
Exploits 0 | References 7

CVE
added 2025/03/07 7:22 a.m., 50 views

CVE-2024-13906

The CVE-2024-13906 entry pertains to Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress (WordPress plugin) versions

CVSS 7.2 | AI score 7.4 | EPSS 0.00651
Exploits 0 | References 3

OSV
added 2025/03/05 11:21 p.m., 5 views

CLSA-2025-1741216880 bind: Fix of CVE-2024-11187

CVE-2024-11187: fix Denial of Service via Additional Section Resource Exhaustion in BIND 9...

CVSS 7.5 | AI score 6.7 | EPSS 0.14257
Exploits 0 | References 1

OSV
added 2025/03/04 10:7 p.m., 3 views

CLSA-2025-1741126041 bind: Fix of CVE-2024-11187

CVE-2024-11187: fix excessive resource usage by limiting additional section processing and adjusting resolver tests...

CVSS 7.5 | AI score 6.9 | EPSS 0.14257
Exploits 0 | References 1

Debian CVE
added 2025/03/04 1:31 p.m., 4 views

CVE-2025-1934

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

CVSS 6.5 | AI score 7.5 | EPSS 0.00433
Exploits 0

Tenable Nessus
added 2025/03/01 12:0 a.m., 66 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-802)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-802 advisory. In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (CVE-2024-36478). In the Linux kernel, the...

CVSS 7.8 | AI score 7.1 | EPSS 0.00809
Exploits 4 | References 114

OSV
added 2025/02/28 3:34 p.m., 3 views

OESA-2025-1215 bind security update

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

CVSS 7.5 | AI score 6.9 | EPSS 0.14257
Exploits 0 | References 2

OSV
added 2025/02/26 1:56 a.m., 14 views

CVE-2022-49264 exec: Force single empty string when argv is empty

In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty. Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve(2) be the name of a program, thus prohibiting a scenario...

CVSS 5.5 | AI score 6.2 | EPSS 0.00278
Exploits 0 | References 12