CLSA-2025-1743675732 avahi: Fix of 8 CVEs

CVE-2021-3468: handle termination event on avahi Unix socket to prevent infinite loop - CVE-2023-1981: prevent avahi daemon crash by emitting an error if the requested D-Bus service is not found - CVE-2021-3502: fix avahi-daemon crashing from NULL pointer assertions - CVE-2023-38469: reject...

WordPress plugin WP Posts Carousel 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

CVE-2025-30540

CVE-2025-30540 affects AvaiBook vacation rental booking engine (AvaiBook <= 1.2). It is described as a Stored XSS (Improper Neutralization of Input During Web Page Generation) in AvaiBook. The connected Wordfence report lists AvaiBook

SUSE CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...