WordPress MapSVG plugin < 8.7.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Anhchangmutrang in WordPress Plugin MapSVG versions 8.7.4...

WordPress ZotPress plugin <= 7.3.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'nickname' vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'nickname' vulnerability discovered by mohamed hamadou ZoeniX in WordPress Plugin Zotpress versions = 7.3.15...

like-girl 安全漏洞

like-girl is a couple logging tool by the individual developer of kiCode111 in China. A security vulnerability exists in like-girl version 5.2.0, which originates from SQL injection due to the incorrect operation of the parameter bz/ipdz in the file /admin/ipAddPost.php...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 update is now available (RHBQ 3.20.1.SP1)

An update for Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 update is now available RHBQ 3.20.1.SP1. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

WordPress Premium Addons for Elementor plugin <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Asaf Mozes in WordPress Plugin Premium Addons for Elementor versions = 4.11.8...

like-girl 安全漏洞

like-girl is a couple logging tool by the individual developer of kiCode111 in China. A security vulnerability exists in like-girl version 5.2.0, which originates from SQL injection due to incorrect operation of the parameters imgDatd/imgText/imgUrl in the file /admin/ImgAddPost.php...

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person could exploit the vulnerabilities to execute arbitrary code with victim privileges. Since it cannot be ruled out that developers work with elevated privileges, it is plausible that execution of arbitrary code could...

Important: Red Hat Security Advisory: HawtIO 4.2.0 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.2.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

Denial Of Service (DoS)

github.com/kuadrant/authorino is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of limits on post-authorization callbacks, allowing an attacker with developer persona access to overload the service...

KLA84761 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in .NET and Visual Studio can be exploited remotely...

WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection

Software Photography Type Theme Vulnerable versions = 7.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-47579 Patch priority High CVSS severity High 9 Developer EPC PSID f3488f35689e Credits Rafie Muhammad Patchstack Required privilege Unauthenticated...

CVE-2025-49013

WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of $ github.event.review.body and other user controlled variables directly inside shell script contexts in GitHub...

Authorino Uncontrolled Resource Consumption vulnerability

A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster...

GHSA-R8XR-PGV5-GXW3 Authorino Uncontrolled Resource Consumption vulnerability

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with...

CVE-2025-25208

A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster...

CVE-2025-25209

CVE-2025-25209 affects Red Hat Connectivity Link. The issue arises in the AuthPolicy metadata, where an object storing secrets assumes they already exist in the kuadrant-system instead of copying them to the referred namespace, enabling a attacker with developer persona access to leak secrets via...

CVE-2025-25208 Rhcl: authorino denial of service through authpolicy with sharedsecretref severity

A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster...

CVE-2025-25208

CVE-2025-25208 affects the Authorino project (github.com/kuadrant/authorino) and is described as an uncontrolled resource consumption denial of service through an authpolicy with sharedsecretref, per multiple connected entries (e.g., CVE list/circl). The core impact is that a malicious/developer ...

CVE-2025-25207

The CVE concerns Authorino in Red Hat Connectivity Link. A developer-persona attacker can flood the service with post‑authorization callbacks, and since policy enforcement is handled by a single Authorino instance, this leads to Denial of Service during post‑authorization callback processing. Doc...

WordPress CozyStay Theme < 1.7.1 is vulnerable to PHP Object Injection

Software CozyStay Type Theme Vulnerable versions 1.7.1 Fixed in 1.7.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-49507 Patch priority High CVSS severity High 9.8 Developer LoftOcean PSID 87cadbf62283 Credits Bonds Required privilege Unauthenticated Published 9 Jun...