1058 matches found

Positive Technologies
added 2025/11/24 12:0 a.m. | 4 views

PT-2025-47943

Name of the Vulnerable Software and Affected Versions: Magewell Pro Convert version 1.2.213. Description: A Cross-Site Request Forgery (CSRF) exists in the /mwapi?method=add-user component. This allows attackers to create accounts by sending a specially crafted GET request. The API endpoint...

CVSS 5.7 | AI score 6.6 | EPSS 0.00017
Exploits 1 | References 6
CVE
added 2025/11/24 12:0 a.m. | 7 views

CVE-2025-63952

CVE-2025-63952 describes a CSRF vulnerability in Magewell Pro Convert v1.2.213, specifically in the /mwapi?method=add-user endpoint, which can allow an attacker to create accounts via a crafted GET request. Multiple connected sources (Red Hat, CNNVD, CVE lists, and PT Security) confirm the issue ...

CVSS 5.7 | AI score 6.3 | EPSS 0.00017
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2025/11/24 12:0 a.m. | 2 views

CVE-2025-63953

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

AI score 6.3 | EPSS 0.00021
Exploits 1 | References 2
Vulnrichment
added 2025/11/24 12:0 a.m. | 1 views

CVE-2025-63952

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

AI score 6.3 | EPSS 0.00017
Exploits 1 | References 2
CVE
added 2025/11/24 12:0 a.m. | 7 views

CVE-2025-63953

CVE-2025-63953 describes a Cross-Site Request Forgery (CSRF) in Magewell Pro Convert v1.2.213 affecting the /usapi?method=add-user endpoint. The vulnerability allows an attacker to create user accounts via a crafted GET request. Documents consistently identify the affected software/version and th...

CVSS 6.5 | AI score 6.3 | EPSS 0.00021
Exploits 1 | References 2 | Affected Software 1
Positive Technologies
added 2025/11/24 12:0 a.m. | 4 views

PT-2025-47944

Name of the Vulnerable Software and Affected Versions: Magewell Pro Convert version 1.2.213. Description: A Cross-Site Request Forgery (CSRF) exists in the /usapi?method=add-user component. This allows attackers to create accounts by sending a specially crafted GET request. The API endpoint...

CVSS 6.5 | AI score 6.6 | EPSS 0.00021
Exploits 1 | References 6
Cvelist
added 2025/11/24 12:0 a.m. | 8 views

CVE-2025-63953

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

EPSS 0.00021
Exploits 1 | References 2
Snyk
added 2025/11/23 10:0 p.m. | 2 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the png_write_image_8bit function, which incorrectly processes 8-bit image data as 16-bit when the simplified write API is used with convert_to_8bit enabled. An attacker can craft a malicious 8-bit PNG image, causing i...

CVSS 6.9 | AI score 6.9 | EPSS 0.0002
Exploits 2 | References 2
Tenable Nessus
added 2025/11/20 12:0 a.m. | 6 views

TencentOS Server 3: perl-Convert-ASN1 (TSSA-2024:0193)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0193 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 7.2 | EPSS 0.01057
Exploits 1 | References 2
NVD
added 2025/11/19 6:15 p.m. | 1 views

CVE-2025-65021

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...

CVSS 9.1 | EPSS 0.00081
Exploits 1 | References 2
Microsoft CVE
added 2025/11/14 1:3 a.m. | 4 views

xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()

...

CVSS 5.5 | AI score 8.8 | EPSS 0.0007
Exploits 0
Positive Technologies
added 2025/11/13 12:0 a.m. | 3 views

PT-2025-46793

Name of the Vulnerable Software and Affected Versions: Convert WebP & AVIF | Quicq versions prior to 2.0.1. Description: The Convert WebP & AVIF | Quicq WordPress plugin is susceptible to unauthorized data modification. This is due to a missing capability check on the wp ajax wpqai disconnect quicq...

CVSS 4.3 | AI score 6.3 | EPSS 0.00038
Exploits 0 | References 4
Tenable Nessus
added 2025/11/12 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990834)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990834 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_convert_to_package ACPICA commit...

CVSS 5.5 | AI score 6.3 | EPSS 0.0001
Exploits 0 | References 3
RedhatCVE
added 2025/11/09 9:56 a.m. | 7 views

CVE-2025-11448

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for...

CVSS 4.3 | AI score 5.1 | EPSS 0.00038
Exploits 0 | References 1
EUVD
added 2025/11/08 12:30 p.m. | 5 views

EUVD-2025-38371

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for...

CVSS 4.3 | AI score 4.7 | EPSS 0.00038
Exploits 0 | References 3
NVD
added 2025/11/08 10:15 a.m. | 1 views

CVE-2025-11448

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for...

CVSS 4.3 | EPSS 0.00038
Exploits 0 | References 2
Vulnrichment
added 2025/11/08 9:28 a.m. | 3 views

CVE-2025-11448 Gallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for...

CVSS 4.3 | AI score 4.6 | EPSS 0.00038
Exploits 0 | References 2
CVE
added 2025/11/08 9:28 a.m. | 26 views

CVE-2025-11448

CVE-2025-11448 affects the WordPress Gallery Plugin for Envira Photo Gallery (versions ≤ 1.11.0). The flaw is a missing capability check on the /envira-convert/v1/bulk-convert REST endpoint, enabling authenticated users with contributor-level access or higher to perform unauthorized gallery conve...

CVSS 4.3 | AI score 4.7 | EPSS 0.00038
Exploits 0 | References 2
Cvelist
added 2025/11/08 9:28 a.m. | 6 views

CVE-2025-11448 Gallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for...

CVSS 4.3 | EPSS 0.00038
Exploits 0 | References 2
Positive Technologies
added 2025/11/08 12:0 a.m. | 3 views

PT-2025-45560

Name of the Vulnerable Software and Affected Versions: Envira Photo Gallery versions up to and including 1.11.0. Description: The Envira Photo Gallery plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the /envira-convert/v1/bulk-conve...

CVSS 4.3 | AI score 5.8 | EPSS 0.00038
Exploits 0 | References 5