CVE-2025-41745 Reflected XSS vulnerability in pxc_portCntr2.php

An XSS vulnerability in pxcportCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-leve...

CVE-2025-41746 Reflected XSS vulnerability in pxc_portSecCfg.php

An XSS vulnerability in pxcportSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to system-lev...

CVE-2023-53836

Summary of CVE-2023-53836 (Linux kernel): A race exists in the sockmap path (bpf/sockmap) where skb objects in the sk_psock_backlog can be referenced after userspace drains the skb, leading to a use-after-free when skb_dequeue() occurs after the skb has been freed. The published fixes add skb_get...

CVE-2023-53823

CVE-2023-53823 in the Linux kernel was fixed by introducing a disk-level mutex (rq_qos_mutex) to protect rq_qos APIs. The patch ensures rq_qos_exit() is not concurrently accessed with rq_qos_add() during disk removal/initialization and cgroup policy changes, mitigating races that could trigger nu...

CVE-2023-53823

In the Linux kernel, the following vulnerability has been resolved: block/rqqos: protect rqqos apis with a new lock commit 50e34d78815e "block: disable the elevator int delgendisk" move rqqosexit from diskrelease to delgendisk, this will introduce some problems: 1 If rqqosadd is triggered by...

UBUNTU-CVE-2023-53819

In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offsetinbo of drmamdgpugemva This is motivated by OOB access in amdgpuvmupdaterange when offsetinbo+mapsize overflows. v2: keep the validations in amdgpuvmbomap v3: add the validations to...

PT-2025-50284

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier Description An improper access control issue exists in ColdFusion that could allow for arbitrary code execution with the privileges of the current user. An attacker with high...

Linux Distros Unpatched Vulnerability : CVE-2023-53851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm/dp: Drop aux devices together with DP controller Using devres to depopulate the aux bus made sure that upon a probe deferral the EDP panel device would ...

CVE-2025-42616 CSRF vulnerability in CIRCL Vulnerability-Lookup

Some endpoints in vulnerability-lookup that modified application state e.g. changing database entries, user data, configurations, or other privileged actions may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...

CVE-2023-53754 scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix ioremap issues in lpfcsli4pcimemsetup When iftype equals zero and pciresourcestartpdev, PCI64BITBAR4 returns false, drblregsmemmapp is not remapped. This passes a NULL pointer to iounmap, which can trigger a WARN ...

kernel security update

4.18.0-553.89.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

CVE-2025-12128

The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the savedatahcps function. This makes it possible for unauthenticated attackers to...

PT-2025-49345

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...

PT-2025-49336

The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle enqueue only function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...

CVE-2025-12354

The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVE-2025-12165

The Webcake – Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webcakesaveconfig' AJAX endpoint in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-leve...

CVE-2025-12128

The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the savedatahcps function. This makes it possible for unauthenticated attackers to...

EUVD-2025-201381

The Webcake – Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webcakesaveconfig' AJAX endpoint in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-leve...

CVE-2025-13362

The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings and inject...

EUVD-2025-201338

The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrmaddnewtag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to create arbitrary membership tags an...