Command Injection

Hoverfly is vulnerable to Command Injection. The vulnerability is due to improper input validation in the middleware endpoint due to the binary and script parameters being passed directly into a system without sanitization. This allows an attacker to supply crafted values for those parameters to...

CVE-2025-11895

The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 5.0. This is due to the bmpuserpayoutdetailofcurrentuser function selecting payout records solely by id without verifying ownership. This makes it possible for authenticate...

CVE-2025-11895 Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference

The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 5.0. This is due to the bmpuserpayoutdetailofcurrentuser function selecting payout records solely by id without verifying ownership. This makes it possible for authenticate...

CVE-2025-11895 Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference

The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 5.0. This is due to the bmpuserpayoutdetailofcurrentuser function selecting payout records solely by id without verifying ownership. This makes it possible for authenticate...

CVE-2025-11895

The CVE-2025-11895 vulnerability affects Binary MLM Plan (WordPress) versions

CVE-2025-54539

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

WordPress plugin Binary MLM Plan 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Poppler Installed (macOS)

Binary data macospopplerinstalled.nbin...

MalCVE: Malware Detection and CVE Association Using Large Language Models

Malicious software attacks are having an increasingly significant economic impact. Commercial malware detection software can be costly, and tools that attribute malware to the specific software vulnerabilities it exploits are largely lacking. Understanding the connection between malware and the...

WordPress Binary MLM Plan plugin <= 5.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Binary MLM Plan versions = 5.0...

CLSA-2025-1760649038 Update of alt-php

Bump ABI 4.15.0-252...

CLSA-2025-1760648945 Update of alt-php

Bump ABI 5.4.0-222...

DEBIAN-CVE-2025-11839

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tgtagtype of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks...

CVE-2025-11839

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tgtagtype of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks...

Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

CVE-2025-54539

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

CVE-2025-10038

The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to, and including, 3.0. This is due to bmpuser role granting all users with the managebmp capability by default upon registration through the plugin's form. This makes it possible for...

CVE-2025-54539 Apache ActiveMQ NMS AMQP Client: Deserialization of Untrusted Data

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

CVE-2025-54539

Apache ActiveMQ NMS AMQP Client (vulnerable up to 2.3.0) suffers Deserialization of Untrusted Data due to unbounded deserialization logic when connecting to untrusted AMQP servers. Malicious responses could lead to arbitrary code execution on the client side; a 2.1.0 deserialization restriction v...

GNU Binutils 缓冲区错误漏洞

GNU Binutils GNU Binary Utilities is a set of programming language utility programs developed by the American GNU community. The programs are primarily designed to work with target files in a variety of formats, and provide connectors, assemblers, and other tools for target files and archives. A...