[SECURITY] [DLA 4375-1] webkit2gtk security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4375-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 20, 2025 https://wiki.debian.org/LTS -...

[Correction] Gmail can read your emails and attachments to power “smart features”

Update November 22. We’ve updated this article after realising we contributed to a perfect storm of misunderstanding around a recent change in the wording and placement of Gmail's smart features. The settings themselves aren’t new, but the way Google recently rewrote and surfaced them led a lot o...

CVE-2025-65089

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...

CVE-2025-65089 XWiki view file macro: User can view content of office file without view rights on the attachment

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...

CVE-2025-65089 XWiki view file macro: User can view content of office file without view rights on the attachment

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...

CVE-2025-65089 XWiki view file macro: User can view content of office file without view rights on the attachment

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...

Pro Macros 安全漏洞

Pro Macros is an XWiki enhancement plugin open-sourced by XWiki SAS. A security vulnerability exists in versions of Pro Macros prior to 1.27.0, which originates from the possibility that a user without view privileges may view the contents of office attachments via the view file macro...

CVE-2025-63748

CVE-2025-63748 affects QaTraq 6.9.2. Authenticated users can upload arbitrary files via the Add Attachment feature in the Test Script module due to insufficient file-type restrictions. Uploaded files (e.g., executable PHP) can be accessed through View Attachment and may execute on the server, ind...

EUVD-2025-197688

The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cgcheckwpadminuploadv10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...

CVE-2025-12849

The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cgcheckwpadminuploadv10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...

CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

CVE-2025-11996

The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...

EUVD-2025-60967

The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...

CVE-2025-11996

The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...

CVE-2025-11996

The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...

CVE-2025-11996 Find Unused Images <= 1.0.7 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...

CVE-2025-11996 Find Unused Images <= 1.0.7 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...

WordPress Find Unused Images plugin <= 1.0.7 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by johska in WordPress Plugin Find Unused Images versions = 1.0.7...

CVE-2025-63293

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...

CVE-2025-63293

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...