CVE-2025-14468

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the ampthemeajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...

CVE-2025-1475

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...

PT-2026-1556

Name of the Vulnerable Software and Affected Versions AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to and including 1.1.9 Description The software is susceptible to a Cross-Site Request Forgery CSRF issue. This is a result of flawed nonce verification within the amp them...

CVE-2025-60262

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote...

AZL-73529 CVE-2025-69227 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

UBUNTU-CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

AIOHTTP vulnerable to DoS when bypassing asserts

Summary When assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body. Impact If optimisations are enabled -O or PYTHONOPTIMIZE=1, and the application includes a handler that uses the Request.post method, then an attacker may be able to...

EUVD-2025-206237

Spinnaker vulnerable to SSRF due to improper restrictions on http from user input...

EUVD-2025-26613

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability exists because the product expose...

PT-2026-1353

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, is susceptible to a denial-of-service DoS attack. When optimizations are enabled using -O or PYTHONOPTIMIZE=1, and an...

📄 NanoMQ 0.24.6 Remote Buffer Overflow

A stack-based buffer overflow vulnerability exists in NanoMQ version 0.24.6, allowing remote attackers to cause a denial of service and potentially achieve remote code execution. The vulnerability requires admin privileges, but use of default credentials admin:public may be common, lowering the...

CVE-2025-34468

A flaw was found in libcoap. A remote attacker can exploit a stack-based buffer overflow vulnerability in the address resolution function. This occurs when attacker-controlled hostname data is copied into a fixed-size buffer without proper validation. This can lead to a crash, resulting in a Deni...

PT-2026-4857

Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 36.0.5 Wasmtime versions 36.0.5 through 40.0.2 Wasmtime versions 40.0.3 through 41.0.0 Wasmtime versions 41.0.1 Description A flaw in Wasmtime's Cranelift compiler can lead to a host-level segmentation fault when...

CVE-2025-34468

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...

CVE-2025-34468

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...

CVE-2023-54216 net/mlx5e: TC, Fix using eswitch mapping in nic mode

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix using eswitch mapping in nic mode Cited patch is using the eswitch object mapping pool while in nic mode where it isn't initialized. This results in the trace below 0. Fix that by using either nic or eswitch...

CVE-2023-54167 m68k: mm: Move initrd phys_to_virt handling after paging_init()

In the Linux kernel, the following vulnerability has been resolved: m68k: mm: Move initrd phystovirt handling after paginginit When booting with an initial ramdisk on platforms where physical memory does not start at address zero e.g. on Amiga: initrd: 0ef0602c - 0f800000 Zone ranges: DMA mem...

PT-2025-54225

Name of the Vulnerable Software and Affected Versions Temporal versions through 1.29.1 Description When the system.enableCrossNamespaceCommands setting is enabled, the Temporal server allows specific workflow task commands—including StartChildWorkflowExecution, SignalExternalWorkflowExecution, an...

Linux Distros Unpatched Vulnerability : CVE-2023-54322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: set exceptionirqentry with irqentry as a default filterirqstacks is supposed to cut entries which are related irq entries from its call stack. And...

Linux Distros Unpatched Vulnerability : CVE-2023-54320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - platform/x86/amd: pmc: Fix memory leak in amdpmcstbdebugfsopenv2 Function amdpmcstbdebugfsopenv2 may be called when the STB debug mechanism enabled. When...