4175 matches found
Security update for sevctl
This update for sevctl fixes the following issues: CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch (bsc#1242618); CVE-2024-12224: idna: Fixed Punycode labels not producing any non-ASCII when decode (bsc#1243860). Patch Instructions: To install this SUSE update use the SUSE...
CVE-2025-7843
The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the fetch_images function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to...
CLSA-2025-1757609292 nodejs: Fix of CVE-2024-22025
CVE-2024-22025: fix resource exhaustion DoS vulnerability in fetch function...
CVE-2025-10117
A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an unknown function of the file /fetch_tasks.php of the component Add New Task. Executing manipulation with the input can lead to cross site scripting. The attack can be executed remotely. The exploit has be...
CVE-2025-7843 Auto Save Remote Images (Drafts) <= 1.0.9 - Authenticated (Contributor+) Server-Side Request Forgery
The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the fetch_images function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to...
CVE-2025-7843
CVE-2025-7843 — Auto Save Remote Images (Drafts) (WordPress) SSRF. The WordPress plugin (versions up to and including 1.0.9) is affected via fetch_images(), enabling authenticated attackers with Contributor+ privileges to make outbound requests from the web app and potentially access internal se...
PT-2025-37018
Name of the Vulnerable Software and Affected Versions: Auto Save Remote Images (Drafts) plugin for WordPress versions up to and including 1.0.9. Description: The Auto Save Remote Images (Drafts) plugin for WordPress is susceptible to a Server-Side Request Forgery (SSRF) issue. This allows authenticated...
Linux Distros Unpatched Vulnerability : CVE-2019-10103
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JetBrains IntelliJ IDEA projects created using the Kotlin JS Client/JVM Server IDE Template were resolving Gradle artifacts using an http connection, potentiall...
CVE-2025-10117
A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an unknown function of the file /fetch_tasks.php of the component Add New Task. Executing manipulation with the input alert'XSS' can lead to cross site scripting. The attack can be executed remotely. The...
CVE-2025-10117 SourceCodester Simple To-Do List System Add New Task fetch_tasks.php cross site scripting
A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an unknown function of the file /fetch_tasks.php of the component Add New Task. Executing manipulation with the input alert'XSS' can lead to cross site scripting. The attack can be executed remotely. The...
CVE-2025-10117
CVE-2025-10117 affects SourceCodester Simple To-Do List System 1.0. The vulnerability is in the Add New Task workflow, specifically the /fetch_tasks.php function, where input manipulation (e.g., ) can trigger a cross-site scripting attack. It is exploitable remotely and the exploit has been publi...
PT-2025-36539
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple To-Do List System version 1.0. Description: A weakness exists in SourceCodester Simple To-Do List System that allows for cross site scripting. The issue is located in the /fetch_tasks.php file, within the Add New Task...
SourceCodester Simple To-Do List System Code Injection Vulnerability
SourceCodester Simple To-Do List System is a simple open-source to-do list system from SourceCodester. A code injection vulnerability exists in SourceCodester Simple To-Do List System version 1.0, which originates from a cross-site scripting attack due to incorrect manipulation of the file...
CVE-2025-39699
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: prevent NULL deref in iova_to_phys. The riscv_iommu_pte_fetch function returns either NULL for unmapped/never-mapped iova, or a valid leaf pte pointer that requires no further validation. riscv_iommu_iova_to_phys failed to...
CVE-2025-39699 iommu/riscv: prevent NULL deref in iova_to_phys
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: prevent NULL deref in iova_to_phys. The riscv_iommu_pte_fetch function returns either NULL for unmapped/never-mapped iova, or a valid leaf pte pointer that requires no further validation. riscv_iommu_iova_to_phys failed to...
MAL-2025-43923 Malicious code in cypress-private-fetch-exosphere (npm)
The package cypress-private-fetch-exosphere was found to contain malicious code...
Malicious code in procyon-cz-conventional-changelog-lynx-fetch (npm)
The package procyon-cz-conventional-changelog-lynx-fetch was found to contain malicious code...