1620 matches found
UBUNTU-CVE-2025-40213
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989595)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989595 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4mbmarkbb with flexbg with fastcommit In case of flexbg feature which is by default...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988802)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988802 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4mbmarkbb with flexbg with fastcommit In case of flexbg feature which is by default...
EUVD-2025-36687
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security FLS rules are improperly enforced on object-valued fields. When an FLS exclusion rule e.g., field is applied to a field which contains an object as its value, the object is correctly removed from the source returned by search...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
Summary of CVE-2025-9133 (Zyxel devices) Technical details in the connected PT-2025-42828 entry show a missing authorization flaw in Zyxel ATP series, Zyxel USG FLEX series, and Zyxel USG20(W)-VPN devices. The vulnerability arises from insufficient input validation/logic in the CGI interface, spe...
CVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...
CVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...
CVE-2025-8078
CVE-2025-8078 describes a post-authentication command-injection vulnerability in Zyxel devices: Zyxel ATP series firmware v4.32–v5.40, USG FLEX series v4.50–v5.40, USG FLEX 50(W) series v4.16–v5.40, and USG20(W)-VPN series v4.16–v5.40. An authenticated administrator can pass a crafted string as a...
PT-2025-42828
Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions V4.32 through V5.40 Zyxel USG FLEX series versions V4.50 through V5.40 Zyxel USG FLEX 50W series versions V4.16 through V5.40 Zyxel USG20W-VPN series versions V4.16 through V5.40 Description A missing authorization fl...
VulnCheck KEV: CVE-2022-0342
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...
CVE-2025-10041
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
EUVD-2025-34561
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-10041 Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-10041 Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-10041
The CVE-2025-10041 entry concerns the Flex QR Code Generator WordPress plugin. Affected versions include all up to and including 1.2.5, where missing file type validation in the save_qr_code_to_db() function allows unauthenticated arbitrary file uploads, potentially enabling remote code execution...
Exploit for CVE-2025-10041
CVE-2025-10041 Flex QR Code Generator = 1.2.5 - Unauthenti...