15091 matches found

RedhatCVE
added 2025/09/13 7:25 a.m., 6 views

CVE-2025-9874

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

7.5 CVSS, 7.2 AI score, 0.00094 EPSS
Exploits 0, References 1
CNNVD
added 2025/09/12 12:0 a.m., 1 view

NewType Infortech NUP Portal access control error vulnerability

NewType Infortech NUP Portal is a portal management and collaborative office software system from NewType Infortech Taiwan, China. An access control error vulnerability exists in NewType Infortech NUP Portal, which stems from a lack of authentication and could allow an unauthenticated remote...

6.9 CVSS, 7.3 AI score, 0.00151 EPSS
Exploits 0, References 2
Positive Technologies
added 2025/09/12 12:0 a.m., 3 views

PT-2025-37275

Name of the Vulnerable Software and Affected Versions: Spirit Framework plugin for WordPress versions through 1.2.13 Description: The Spirit Framework plugin for WordPress is susceptible to Local File Inclusion. Authenticated attackers with Subscriber-level access or higher can include and execut...

7.5 CVSS, 7.3 AI score, 0.00095 EPSS
Exploits 0, References 5
RedhatCVE
added 2025/09/11 1:23 p.m., 10 views

CVE-2025-48208

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary...

8.8 CVSS, 7.1 AI score, 0.00116 EPSS
Exploits 0, References 1
Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-30088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. (CVE-2023-30088) Note that Nessus...

5.5 CVSS, 6 AI score, 0.0004 EPSS
Exploits 1, References 2
Github Security Blog
added 2025/09/08 6:31 p.m., 5 views

SimStudioAI: A function in route.ts is vulnerable to Code Injection

A vulnerability was identified in SimStudioAI sim. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely...

9.8 CVSS, 7.1 AI score, 0.00095 EPSS
Exploits 1, References 8, Affected Software 1
NVD
added 2025/09/08 5:15 p.m., 3 views

CVE-2025-10097

A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely...

9.8 CVSS, 0.00095 EPSS
Exploits 1, References 5
Cvelist
added 2025/09/08 4:32 p.m., 7 views

CVE-2025-10097 SimStudioAI sim route.ts code injection

A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely...

6.5 CVSS, 0.00095 EPSS
Exploits 1, References 5
OSV
added 2025/09/08 2:23 p.m., 1 view

USN-7741-1 postgresql-14, postgresql-16, postgresql-17 vulnerabilities

Dean Rasheed discovered that PostgreSQL incorrectly handled access control lists. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-8713) Martin Rakhmanov, Matthieu Denais, and RyotaK discovered that the PostgreSQL pg_dump utility allowed untrusted data inclusion. ...

8.8 CVSS, 7.6 AI score, 0.00085 EPSS
Exploits 2, References 4
Positive Technologies
added 2025/09/08 12:0 a.m., 3 views

PT-2025-36482

Name of the Vulnerable Software and Affected Versions: SimStudioAI sim versions up to 1.0.0 Description: A vulnerability exists in SimStudioAI sim up to version 1.0.0. The issue involves code injection due to the manipulation of the code argument within an unknown function of the file...

9.8 CVSS, 6.2 AI score, 0.00095 EPSS
Exploits 1, References 10
RedhatCVE
added 2025/09/06 7:31 p.m., 3 views

CVE-2025-26464

In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS, 6.9 AI score, 0.00013 EPSS
Exploits 0, References 1
CNNVD
added 2025/09/06 12:0 a.m., 2 views

Roo Code operating system command injection vulnerability

Roo Code is an AI-based autonomous coding agent from Roo Code. An operating system command injection vulnerability exists in Roo Code 3.25.23 and earlier versions, which stems from the npm install auto-execute script and could lead to arbitrary code execution...

7.8 CVSS, 8.2 AI score, 0.00039 EPSS
Exploits 0, References 4
OSV
added 2025/09/05 12:57 p.m., 1 view

SUSE-SU-2025:20655-1 Security update for jq

This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) (bsc#1244116)...

8.7 CVSS, 7.1 AI score, 0.00588 EPSS
Exploits 1, References 3
SUSE Linux
added 2025/09/05 12:55 p.m., 2 views

Security update for jq

This update for jq fixes the following issues: CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) (bsc#1244116). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run th...

6.9 CVSS, 7 AI score, 0.00588 EPSS
Exploits 1, References 4
Cvelist
added 2025/09/04 3:32 p.m., 6 views

CVE-2025-38681 mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()

In the Linux kernel, the following vulnerability has been resolved: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd(). Memory hot remove unmaps and tears down various kernel page table regions as required. The ptdump code can race with concurrent modifications of the kernel page tables...

0.00018 EPSS
Exploits 0, References 8
Microsoft CVE
added 2025/09/04 2:27 a.m., 2 views

arm64: set UXN on swapper page tables

...

5.5 CVSS, 7 AI score, 0.00074 EPSS
Exploits 0
Microsoft CVE
added 2025/09/04 1:37 a.m., 2 views

arm64: set UXN on swapper page tables

...

5.5 CVSS, 7 AI score, 0.00074 EPSS
Exploits 0
RedhatCVE
added 2025/09/04 12:28 a.m., 2 views

CVE-2025-55474

Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which allows malicious Markdown files to execute JavaScript when viewed...

6.1 CVSS, 6.8 AI score, 0.00059 EPSS
Exploits 1, References 1
OSV
added 2025/09/03 6:6 p.m., 2 views

GHSA-PH6W-F82W-28W6 Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning

When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting "Yes, proceed" would allow Claude Code to execute files in the folder without additional confirmation. This may not have...

8.7 CVSS, 7.2 AI score
Exploits 0, References 2
NVD
added 2025/09/03 6:15 a.m., 1 view

CVE-2023-21475

Out-of-bounds Write vulnerability in libaudiosaplussec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code...

8 CVSS, 0.00027 EPSS
Exploits 0, References 1