3136 matches found
CVE-2025-13205 SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.20 - Cross-Site Request Forgery to Survey Cloning
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing or incorrect nonce validation on the...
CVE-2025-13205
CVE-2025-13205 affects the SurveyJS: Drag & Drop Form Builder for WordPress, versions up to and including 1.12.20. The root cause is missing or incorrect nonce validation on the SurveyJS_CloneSurvey AJAX action, enabling CSRF. Impact: unauthenticated attackers could duplicate surveys by tricking ...
PT-2026-4601
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing or incorrect nonce validation on the SurveyJS...
WordPress plugin SurveyJS: Drag & Drop WordPress Form Builder – Cross-site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Malicious code in cflashfiles (PyPI)
Source: kam193 (d8c5174968b7dedf000076201fe6446018aa61048b6a77fc8bc42e16bb796fd9). Malicious clone of legitimate fsspec package. The code was modified to exfiltrate specific files on import. Category: MALICIOUS - The campaign has clearly...
MAL-2026-469 Malicious code in cflashfiles (PyPI)
Source: kam193 (d8c5174968b7dedf000076201fe6446018aa61048b6a77fc8bc42e16bb796fd9). Malicious clone of legitimate fsspec package. The code was modified to exfiltrate specific files on import. Category: MALICIOUS - The campaign has clearly...
CLSA-2026-1768589696 ImageMagick: Fix of CVE-2025-55160
CVE-2025-55160: fix function pointer type mismatch in Clone functions...
MiracleLinux 8 : firefox-91.4.0-1.el8.ML.1 (AXSA:2022-2971:02)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-2971:02 advisory. Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4; Mozilla: URL leakage when navigating while executing asynchronous function...
MiracleLinux 9 : git-2.43.5-1.el9_4 (AXSA:2024-8465:07)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8465:07 advisory. git: Recursive clones RCE (CVE-2024-32002); git: RCE while cloning local repos (CVE-2024-32004); git: additional local RCE (CVE-2024-32465); git: insecure...
kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails
A vulnerability was found in tls_decrypt_sg in net/tls/tls_sw.c in the networking subsystem of the Linux kernel. In this flaw, if it fails to clone the input skb to hold the reference to the memory it uses, this may lead to a use-after-free...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000875)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000875 advisory. Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service memory...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000570)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000570 advisory. The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypa...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003628)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003628 advisory. In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution...
CVE-2025-68963
Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002099)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002099 advisory. The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol...
CVE-2025-70744
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001804)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001804 advisory. fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001826)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001826 advisory. Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service memory...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002108)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002108 advisory. The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypa...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001894)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001894 advisory. The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypa...