2117 matches found
CVE-2025-58991 WordPress WooCommerce Booking Bundle Hours Plugin <= 0.7.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...
WordPress plugin WooCommerce Booking Bundle Hours cross-site request forgery vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the...
PT-2025-36811
Name of the Vulnerable Software and Affected Versions: WooCommerce Booking Bundle Hours versions through 0.7.4. Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in Cristiano Zanca WooCommerce Booking Bundle Hours, which can lead to Stored Cross-Site Scripting (XSS). Recommendation...
CVE-2025-58756 MONAI's unsafe torch usage may lead to arbitrary code execution
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in `model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True)` in monai/bundle/scripts.py, `weights_only=True` is loaded securely. However, insecure loading method...
PT-2025-36650
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet...
CVE-2025-32312
In createIntentsList of PackageParser.java, there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User...
CVE-2025-32312
CVE-2025-32312 affects Android’s PackageParser.java, specifically the function createIntentsList. Root cause: unsafe deserialization that bypasses lazy bundle hardening, allowing modified data to flow to the next process. Impact: local privilege escalation with no additional privileges required; ...
PT-2025-36028
Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: A flaw exists in createIntentsList of PackageParser.java that may allow bypassing lazy bundle hardening. This can permit modified data to be passed to the next process due to unsafe...
Linux Distros Unpatched Vulnerability : CVE-2024-28835
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the certtool...
CVE-2024-52284
Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...
CVE-2024-52284 Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...
CVE-2024-52284
CVE-2024-52284 describes unauthorized disclosure where any user with GET or LIST permissions on BundleDeployment resources can retrieve Helm values that may contain credentials or other secrets. The entry attributes a CVSS v3.1 base score of 7.7 (HIGH) with network attack vector, low attack compl...
Rancher security vulnerability
Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations that deploy containers in production environments. A security vulnerability exists in Rancher that stems from improper permissions on BundleDeployment resources, which...
Security update for git
This update for git fixes the following issues: Updated to 2.43.7 (jsc#PED-13447): CVE-2025-27613: Fixed arbitrary writable file creation and truncation in Gitk (bsc#1245938); CVE-2025-27614: Fixed arbitrary script execution via repo clonation in Gitk (bsc#1245939); CVE-2025-46835: Fixed arbitrary writable...
Linux Distros Unpatched Vulnerability : CVE-2024-50341
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack...