1433 matches found
WordPress Amazon Products to WooCommerce plugin code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress Amazon Products to WooCommerce plugin that stems from insufficient validation of the function wcta2wgeturls, which can be...
CVE-2025-53536
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...
Siemens multiple products code issue vulnerability
Siemens TIA Project-Server and others are products of Siemens, Germany. Siemens TIA Project-Server is a multiplayer collaboration tool. Siemens TIA Project-Server V17 is a multiplayer collaboration tool. Siemens Totally Integrated Automation Portal is an engineering configuration platform. A code...
Adobe ColdFusion code issue vulnerability
Adobe ColdFusion is a dynamic Web server platform maintained by Adobe. Adobe ColdFusion suffers from a code issue vulnerability that arises from improperly restricting XML external entity references, which can be exploited by an attacker to submit a special request, obtain sensitive information o...
CVE-2025-53536 Roo Code allows Potential Remote Code Execution via .vscode/settings.json
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...
PT-2025-28241 · Robocode +1 · Robocode +1
Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.22.6 Description: Roo Code is an AI-powered autonomous coding agent. If the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and...
Fedora: Security Advisory (FEDORA-2025-098fa1945a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SourceCodester Simple Company Website code issue vulnerability
SourceCodester Simple Company Website is a simple company website from SourceCodester, Inc. A code issue vulnerability exists in SourceCodester Simple Company Website version 1.0, which stems from the incorrect operation of the parameter img in the file /classes/SystemSettings.php?f=updatesetting...
Akka code issue vulnerability
Akka is an expressive SDK and platform, open-sourced by Akka, for developing, deploying and operating enterprise agent services. A code issue vulnerability exists in Akka 2.10.6 and earlier versions that stems from the use of Java serialization to process cluster metrics...
CVE-2025-53098 Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...
PT-2025-27260 · Robocode · Robocode
Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.20.3 Description: The issue concerns the execution of arbitrary commands through the MCP configuration file. An attacker with access to the system could craft a prompt to write a malicious command to the MCP...
RHEL 9 : .NET 9.0 (RHSA-2025:8817)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8817 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. N...
CVE-2025-6611
A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /phpaction/createBrand.php. The manipulation of the argument brandStatus leads to sql injection. The attack can be initiated remotely...
CVE-2025-6358
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /saveorder.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. Th...
LangChain code issue vulnerability
LangChain is a framework, open-sourced by LangChain, for developing applications powered by the Large Language Model (LLM). A code issue vulnerability exists in LangChain version 0.0.27, which stems from an unrestricted request address in the RequestsToolkit component that could lead to server-side reque...
MLflow code issue vulnerability
MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A code issue vulnerability exists in MLflow versions prior to 3.1.0 that stems from a missing...
Upsonic code issue vulnerability
Upsonic is an AI agent framework open-sourced by Upsonic. A code issue vulnerability exists in Upsonic 0.55.6 and earlier versions, which stems from deserialization of the file /tools/addtool function cloudpickle.loads in the component Pickle Handler...
MAL-2025-5077 Malicious code in discord-easy-commands-v2 (npm)
--- -= Per source details. Do not edit below this line.=-...
Important: Red Hat Security Advisory: .NET 8.0 security update
An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...