
82 matches found

Fedora
added 2026/04/16 11:42 p.m. · 3 views

[SECURITY] Fedora 44 Update: plasma-breeze-6.6.4-1.fc44

Artwork, styles and assets for the Breeze visual style for the Plasma Desktop...

AI score: 5.8 · Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25070

Malicious code in bioql PyPI...

CVSS: 6.1 · AI score: 6.5 · EPSS: 0.00025 · Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25347

Malicious code in bioql PyPI...

CVSS: 9.8 · AI score: 6.5 · EPSS: 0.00782 · Exploits: 2 · References: 4

RedhatCVE
added 2025/08/22 12:22 a.m. · 3 views

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

CVSS: 9.8 · AI score: 8.7 · EPSS: 0.00782 · Exploits: 2 · References: 1

OSV
added 2025/08/20 5:15 p.m. · 2 views

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

CVSS: 9.8 · AI score: 6.3 · EPSS: 0.00782 · Exploits: 2 · References: 4

NVD
added 2025/08/20 5:15 p.m. · 2 views

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

CVSS: 9.8 · EPSS: 0.00782 · Exploits: 2 · References: 4

Vulnrichment
added 2025/08/20 12:0 a.m. · 2 views

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

AI score: 8.8 · EPSS: 0.00782 · Exploits: 2 · References: 4

CNNVD
added 2025/08/20 12:0 a.m. · 1 views

Online Artwork and Fine Arts security vulnerability

Online Artwork and Fine Arts is an online artwork display box selling project by the individual developer Vishal Mathur. A security vulnerability exists in Online Artwork and Fine Arts version 1.0, which stems from a SQL injection in the id2 parameter of the cancelbooking.php page, which could le...

CVSS: 9.8 · AI score: 8.4 · EPSS: 0.00782 · Exploits: 2 · References: 6

GithubExploit
added 2025/08/19 11:1 a.m. · 100 views

Exploit for CVE-2025-55444

CVE Reports by Anudeep Kadambala This repository contains det...

CVSS: 9.8 · AI score: 8.9 · EPSS: 0.00782 · Exploits: 2

RedhatCVE
added 2025/08/18 4:31 a.m. · 3 views

CVE-2025-7684

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...

CVSS: 6.1 · AI score: 6.7 · EPSS: 0.00025 · Exploits: 0 · References: 1

NVD
added 2025/08/16 4:16 a.m. · 3 views

CVE-2025-7684

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...

CVSS: 6.1 · EPSS: 0.00025 · Exploits: 0 · References: 3

Vulnrichment
added 2025/08/16 3:38 a.m. · 2 views

CVE-2025-7684 Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...

CVSS: 6.1 · AI score: 6.7 · EPSS: 0.00025 · Exploits: 0 · References: 3

Cvelist
added 2025/08/16 3:38 a.m. · 5 views

CVE-2025-7684 Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...

CVSS: 6.1 · EPSS: 0.00025 · Exploits: 0 · References: 3

Positive Technologies
added 2025/08/16 12:0 a.m. · 2 views

PT-2025-33533 · WordPress · Last.Fm Recent Album Artwork

Name of the Vulnerable Software and Affected Versions: Last.fm Recent Album Artwork plugin for WordPress versions up to and including 1.0.2 Description: The Last.fm Recent Album Artwork plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation ...

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.00025 · Exploits: 0 · References: 7

CNNVD
added 2025/08/16 12:0 a.m. · 1 views

WordPress plugin Last.fm Recent Album Artwork cross-site request forgery vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Last.fm Recent...

CVSS: 6.1 · AI score: 6.6 · EPSS: 0.00025 · Exploits: 0 · References: 4

Patchstack
added 2025/08/15 11:35 p.m. · 3 views

WordPress Last.fm Recent Album Artwork plugin <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Last.fm Recent Album Artwork versions <= 1.0.2...

CVSS: 6.1 · AI score: 5.7 · EPSS: 0.00025 · Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2025/02/07 8:32 p.m. · 4 views

GHSA-432C-WXPG-M4Q3 xml2rfc has file inclusion irregularities

Version 3.12.0 changed xml2rfc so that it would not access local files without the presence of its new --allow-local-file-access flag. This prevented XML External Entity (XXE) injection attacks with xinclude and XML entity references. It was discovered that xml2rfc does not respect...

CVSS: 6.9 · AI score: 7.2 · Exploits: 0 · References: 3

Snyk
added 2025/02/07 8:32 p.m. · 2 views

Directory Traversal

Overview: xml2rfc generates RFCs and IETF drafts from document source in XML according to the IETF xml2rfc v2 and v3 vocabularies. Affected versions of this package are vulnerable to Directory Traversal through the src attribute in artwork or sourcecode elements due to improper...

CVSS: 6.9 · AI score: 7.4 · Exploits: 0 · References: 2

Positive Technologies
added 2025/02/07 12:0 a.m. · 1 views

PT-2025-6020 · Xml2Rfc · Xml2Rfc

Name of the Vulnerable Software and Affected Versions: xml2rfc versions 3.12.0 through 3.26.0. Description: The issue concerns XML External Entity (XXE) injection attacks. It was discovered that xml2rfc does not respect the --allow-local-file-access flag when a local file is specified as src in...

CVSS: 6.9 · AI score: 7.4 · Exploits: 0 · References: 4

OSV
added 2023/08/01 12:0 a.m. · 22 views

ASB-A-271851153

In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 5.5 · AI score: 5.1 · EPSS: 0.00039 · Exploits: 0 · References: 2