PT-2025-52926

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A flaw exists in the Linux kernel's Smack security module where an unprivileged task, permitted to relabel itself, can create new labels by writing their names into its own...

CVE-2025-14056

CVE-2025-14056 concerns the WordPress plugin Custom Post Type UI. It is a Stored Cross-Site Scripting (XSS) via the 'label' parameter during import, affecting all versions up to 1.18.1. An authenticated attacker with Administrator-level access can inject scripts that execute on the Tools → Get Co...

CVE-2025-14056 Custom Post Type UI <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter

The Custom Post Type UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter during custom post type import in all versions up to, and including, 1.18.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

WordPress Custom Post Type UI plugin <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'label' Import Parameter vulnerability discovered by type5afe in WordPress Plugin Custom Post Type UI versions = 1.18.1...