
7343 matches found

SUSE CVE
added 2025/07/04 2:40 p.m., 0 views

SUSE CVE-2025-25208

A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster...

CVSS: 5.7, AI score: 7, EPSS: 0.00048
Exploits: 0, References: 2

Patchstack
added 2025/07/04 10:12 a.m., 4 views

WordPress All In One Slider Responsive plugin <= 3.7.9 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin All In One Slider Responsive versions <= 3.7.9...

CVSS: 8.5, AI score: 9.1, EPSS: 0.00323
Exploits: 0, Affected Software: 1

Patchstack
added 2025/07/03 6:12 p.m., 4 views

WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Radio Station versions <= 2.5.12...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00084
Exploits: 0, Affected Software: 1

The Hacker News
added 2025/07/01 6:3 p.m., 8 views

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability,...

CVSS: 9.4, AI score: 9.1, EPSS: 0.0257
Exploits: 0

Patchstack
added 2025/06/30 9:31 p.m., 6 views

WordPress Ultra Addons for Contact Form 7 plugin <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Ultimate Addons for Contact Form 7 versions <= 3.5.21...

CVSS: 6.4, AI score: 5.5, EPSS: 0.00157
Exploits: 0, References: 1, Affected Software: 1

RedHat Linux
added 2025/06/30 2:17 p.m., 4 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.6.2 release.

Red Hat Developer Hub 1.6.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS: 8.8, AI score: 6.6, EPSS: 0.01201
Exploits: 4, References: 10

CNNVD
added 2025/06/30 12:0 a.m., 1 view

string-math Security Vulnerability

string-math is a module function for calculating results based on arithmetic formulas by the Polish individual developer devrafalko. A security vulnerability exists in string-math version 1.2.2, which stems from improper handling of regular expressions and could lead to a regular expression denia...

CVSS: 7, AI score: 6.3, EPSS: 0.00329
Exploits: 1, References: 4

CNNVD
added 2025/06/27 12:0 a.m., 1 view

hosporder Injection Vulnerability

hosporder is a hospital appointment registration system by the individual developer Xiaohao.Shi in China. There is an injection vulnerability in hosporder, which originates from a SQL injection due to the incorrect operation of the parameter officesName in the file OfficeServiceImpl.java...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00224
Exploits: 1, References: 4

Patchstack
added 2025/06/23 9:6 p.m., 6 views

WordPress Conference Scheduler plugin <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Conference Scheduler versions <= 2.5.1...

CVSS: 6.4, AI score: 5.5, EPSS: 0.00203
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2025/06/20 12:0 a.m., 4 views

Google ChromeOS Permission Issues Vulnerability

Google ChromeOS is a Linux kernel-based operating system developed by Google. Google ChromeOS suffers from a privilege issue vulnerability. The vulnerability stems from a privilege bypass in extension management, which can be exploited by an attacker to disable extensions on ChromeOS and access...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00168
Exploits: 1, References: 1

CNNVD
added 2025/06/20 12:0 a.m., 1 view

novel-plus Security Vulnerability

novel-plus is novel-reading software by the individual developer xxy. A security vulnerability exists in novel-plus versions prior to 5.1.0, which stems from an unvalidated filePath parameter that could lead to a directory traversal attack...

CVSS: 9.8, AI score: 6.5, EPSS: 0.06211
Exploits: 1, References: 2

Patchstack
added 2025/06/19 4:32 p.m., 11 views

WordPress App Builder plugin <= 5.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Hiro Code016Hiro in WordPress Plugin App Builder versions <= 5.5.6...

CVSS: 5.3, AI score: 6.7, EPSS: 0.0023
Exploits: 0, Affected Software: 1

Patchstack
added 2025/06/19 4:27 p.m., 4 views

WordPress ATP Call Now plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin ATP Call Now versions <= 1.0.3...

CVSS: 5.9, AI score: 5.9, EPSS: 0.0017
Exploits: 0, Affected Software: 1

Patchstack
added 2025/06/19 4:22 p.m., 6 views

WordPress WP-Members plugin <= 3.5.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by zaim Patchstack Alliance in WordPress Plugin WP-Members versions <= 3.5.4...

CVSS: 6.5, AI score: 6, EPSS: 0.00143
Exploits: 0, Affected Software: 1

OSV
added 2025/06/19 2:15 p.m., 1 view

CVE-2025-6267

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barcodeNo/barcode/itemNo leads to sql injection...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 3

CVE
added 2025/06/19 2:0 p.m., 12 views

CVE-2025-6267

The CVE-2025-6267 entry concerns zhilink ADP Application Developer Platform (version 1.0.0). A SQL injection vulnerability arises from improper handling of the parameters barcodeNo, barcode, and itemNo in the file /adpweb/a/base/barcodeDetail/. This could allow remote attacker-controlled input to...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00127
Exploits: 0, References: 3, Affected Software: 1

Spring Engineering
added 2025/06/19 12:0 a.m., 3 views

A Bootiful Podcast: Micrometer.io lead Tommy Ludwig on the latest-and-greatest in observability for the Spring developer

Hi, Spring fans! In this episode, I talk to Micrometer.io lead Tommy Ludwig on the latest-and-greatest in observability for the Spring developer...

AI score: 7.2
Exploits: 0

Patchstack
added 2025/06/19 12:0 a.m., 10 views

WordPress OceanWP Theme <= 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software: OceanWP; Type: Theme; Vulnerable versions: <= 4.0.9; Fixed in: 4.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2025-5524; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: aa9ebeb90689; Credits: Asaf Mozes; Required privilege...

CVSS: 4.9, AI score: 6, EPSS: 0.00122
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2025/06/19 12:0 a.m., 5 views

WordPress Fitness Park Theme <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software: Fitness Park; Type: Theme; Vulnerable versions: <= 1.1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-50033; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: f81317695731; Credits: Peter Thaleikis; Required privilege: Contribut...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00143
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/06/18 5:18 p.m., 5 views

CVE-2025-6179

Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools...

CVSS: 9.8, AI score: 9.3, EPSS: 0.00168
Exploits: 1, References: 1