PT-2025-50843
The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callback' shortcode attribute in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied 'callback' attributes, which are evaluated as...
WordPress VigLink SpotLight By ShortCode plugin <= 1.0.a - Authenticated (Contributor+) Stored Cross-Site Scripting via 'float' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'float' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin VigLink SpotLight By ShortCode versions <= 1.0.a...
WordPress BUKAZU Search widget plugin <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin BUKAZU Search widget versions <= 3.3.2...
WordPress Paypal Payment Shortcode plugin <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Paypal Payment Shortcode versions <= 1.01...
EUVD-2025-202695
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute...
WordPress LJUsers plugin <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'name' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin LJUsers versions <= 1.2.0...
CLSA-2025-1765476676 cups: Fix of CVE-2025-58364
CVE-2025-58364: fix unsafe deserialization and validation of printer attributes causing null dereference...
CVE-2025-67741
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute...
CVE-2025-67741
CVE-2025-67741 : JetBrains TeamCity versions before 2025.11 are affected by a stored XSS vulnerability via a session attribute. Root cause and impact are described in connected advisories; exploitation would involve injecting/script execution within the victim’s browser under the user’s context. ...
CVE-2025-67720
Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method before using them in file path construction. When downloading media, if the user does not specify a custom filename...
PT-2025-50567
Name of the Vulnerable Software and Affected Versions: Pyrofork versions 2.3.68 and earlier. Description: Pyrofork is an asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages before using them in file path construction with...
PT-2025-50627
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991152)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991152 advisory. In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTR_RECORDs. Kernel iterates over ATTR_RECORDs in mft record in...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991119)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991119 advisory. In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfs_attr_find. Patch series "ntfs: fix bugs about Attribute", v2. This...
EUVD-2024-27068
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service which could render the device unusable...
SUSE CVE-2022-50656
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfc_target before being used. Fix a slab-out-of-bounds read that occurs in nla_put called from nfc_genl_send_target when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_targe...
PT-2025-50323
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service which could render the device unusable...