EUVD-2025-31827

The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via the cookie in all versions up to, and including, 2.11.21 due to insufficient escaping on the user supplied value and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

Linux Distros Unpatched Vulnerability : CVE-2025-39924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: erofs: fix invalid algorithm for encoded extents The current algorithm sanity checks do not...

EUVD-2025-16006

Malicious code in bioql PyPI...

CVE-2025-39924 erofs: fix invalid algorithm for encoded extents

In the Linux kernel, the following vulnerability has been resolved: erofs: fix invalid algorithm for encoded extents The current algorithm sanity checks do not properly apply to new encoded extents. Unify the algorithm check with ZEROFSCOMPRESSIONRUNTIMEMAX and ensure consistency with...

CVE-2025-39924

The CVE-2025-39924 issue concerns the Linux kernel erofs subsystem: encoded extents with an invalid algorithm check. The problem was that the existing sanity checks did not properly apply to the new encoded extents, and the fix unifies the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX an...

CVE-2025-39924 erofs: fix invalid algorithm for encoded extents

In the Linux kernel, the following vulnerability has been resolved: erofs: fix invalid algorithm for encoded extents The current algorithm sanity checks do not properly apply to new encoded extents. Unify the algorithm check with ZEROFSCOMPRESSIONRUNTIMEMAX and ensure consistency with...

PT-2025-40098

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel contains an issue within the erofs filesystem related to encoded extents. The algorithm sanity checks do not correctly apply to new encoded extents, leading to...

SUSE CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

UBUNTU-CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

Type confusion

Versions =8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the...

LibreOffice 数据伪造问题漏洞

LibreOffice is an open source office software suite from The Document Foundation. LibreOffice suffers from a Data Forgery Problem vulnerability that stems from the application not properly checking the digital signatures of ODF documents. An attacker could use the vulnerability to change the...