9293 matches found
CVE-2025-9631
The AutoCatSet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the autocatsetajax function. This makes it possible for unauthenticated attackers to trigger automatic...
ebram_web_scanner
EBRAM Web Scanner EBRAM Web Scanner is a powerful Python-ba...
CVE-2025-58374
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...
CVE-2025-58370 Roo Code: Potential Remote Code Execution via Bash Parameter Expansion and Indirect Reference
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...
atm: clip: Fix infinite recursive call of clip_push().
...
USN-7730-1: PIM Messagelib vulnerabilities
Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that PIM Messagelib could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-future (SUSE-SU-2025:03038-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03038-1 advisory. - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py bsc1248124...
Security update for python-future
This update for python-future fixes the following issues: CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py bsc1248124 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:03038-1 Security update for python-future
This update for python-future fixes the following issues: - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py bsc1248124...
Security update for python-future
This update for python-future fixes the following issues: CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py bsc1248124 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:03029-1 Security update for python-future
This update for python-future fixes the following issues: - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py bsc1248124...
SUSE-SU-2025:03028-1 Security update for python-future
This update for python-future fixes the following issues: - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py bsc1248124...
CVE-2025-58047
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...
CVE-2025-58047
CVE-2025-58047 affects Volto (React frontend for Plone). The issue allows an anonymous user to trigger the NodeJS server to exit when visiting a specific URL, potentially causing DoS or downtime. Affected ranges include Volto versions before 16.34.0, 17.x before 17.22.1, 18.x before 18.24.0, and ...
CVE-2025-58047 Volto affected by possible DoS by invoking specific URL by anonymous user
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...
PT-2025-35112
Name of the Vulnerable Software and Affected Versions Volto versions 19.0.0-alpha.1 through 19.0.0-alpha.4 Volto versions 18.0.0 through 18.24.0 Volto versions 17.0.0 through 17.22.1 Volto versions prior to 16.34.0 Description Volto, a React-based frontend for the Plone Content Management System,...
CVE-2025-6247
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and...
CVE-2025-6247
CVE-2025-6247 affects the WordPress Automatic Plugin for WordPress (
CVE-2025-6247 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and...
CVE-2025-6247 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and...