PT-2025-54322

Name of the Vulnerable Software and Affected Versions SaifuMak Add Custom Codes versions through 4.80 Description A flaw exists in SaifuMak Add Custom Codes that allows for Stored Cross-site Scripting XSS. This issue is due to improper neutralization of input during web page generation. Successfu...

WordPress plugin Add Custom Codes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993227)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993227 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that...

WordPress plugin Add Custom Codes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

CVE-2025-67746 Composer vulnerable to ANSI sequence injection

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992676)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992676 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that...

AZL-73132 CVE-2025-68740 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchrules, if imafilterrulematch returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if !rc' check and sets 'result = true'. The LSM rule is...

UBUNTU-CVE-2025-68740

In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchrules, if imafilterrulematch returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if !rc' check and sets 'result = true'. The LSM rule is...

CVE-2025-68740 ima: Handle error code returned by ima_filter_rule_match()

In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchrules, if imafilterrulematch returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if !rc' check and sets 'result = true'. The LSM rule is...

CVE-2025-68740

In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchrules, if imafilterrulematch returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if !rc' check and sets 'result = true'. The LSM rule is...

CLSA-2025-1766136770 Fix CVE(s): CVE-2025-26465

SECURITY UPDATE: VerifyHostKeyDNS server impersonation - debian/patches/CVE-2025-26465.patch: Fix cases where error codes were not correctly set - CVE-2025-26465...

Cryptanalysis of Pseudorandom Error-Correcting Codes

Pseudorandom error-correcting codes PRC is a novel cryptographic primitive proposed at CRYPTO 2024. Due to the dual capability of pseudorandomness and error correction, PRC has been recognized as a promising foundational component for watermarking AI-generated content. However, the security of PR...

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics formerly CJ Korea Express. "The threat actor leveraged QR codes...

EUVD-2025-203621

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP One-Time Password generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...

PT-2025-51761

NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

Improper Authentication Control

Filament is vulnerable to improper authentication control. The vulnerability is due to improper handling of app-based MFA recovery codes, which allows an attacker to reuse the same recovery code indefinitely to bypass authentication...

WordPress Add Custom Codes plugin Cross-Site Request Forgery Vulnerability

WordPress Add Custom Codes plugin is a free tool that allows users to add custom codes to WordPress websites. The WordPress Add Custom Codes plugin suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying that a request is coming from a...

CVE-2025-67507

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...