3783 matches found
PT-2025-53048
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak issue was resolved in the Linux kernel related to the UBI file system. The issue occurs when the insert old idx function fails during a specific process involving znode...
CVE-2025-12934
CVE-2025-12934 affects the Beaver Builder Page Builder for WordPress. Wordfence’s vulnerability detail describes a missing capability check in the duplicate_wpml_layout function that exists in Beaver Builder versions up to and including 2.9.4.1. This permits authenticated attackers with Subscribe...
CVE-2025-12934 Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicatewpmllayout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers,...
MAL-2025-192888 Malicious code in workvivo-layout-extension (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d9c90e84df1efe9bd52980b9ef892141b919787ff85d8f7ab37caa2ac598745 The package workvivo-layout-extension was found to contain malicious code...
Malicious code in workvivo-layout-extension (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d9c90e84df1efe9bd52980b9ef892141b919787ff85d8f7ab37caa2ac598745 The package workvivo-layout-extension was found to contain malicious code...
PT-2025-52730
Name of the Vulnerable Software and Affected Versions Beaver Builder – WordPress Page Builder plugin versions prior to 2.9.4.1 Description The Beaver Builder – WordPress Page Builder plugin for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing...
WordPress plugin Beaver Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
A Systematic Study of Code Obfuscation against LLM-Based Vulnerability Detection
As large language models LLMs are increasingly adopted for code vulnerability detection, their reliability and robustness across diverse vulnerability types have become a pressing concern. In traditional adversarial settings, code obfuscation has long been used as a general strategy to bypass...
CVE-2025-14019
LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks...
CVE-2025-7058
CVE-2025-7058 affects the WordPress theme Kingcabs. The vulnerability is a Stored Cross‑Site Scripting (XSS) in the progressbarLayout parameter present in versions up to 1.1.9. Exploitation requires authenticated access at Contributor level or higher ; an attacker can inject scripts that execute ...
CVE-2025-7058 Kingcabs <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter
The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-28040)
The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28040 advisory. - netfilter: nftables: reject duplicate device on updates Pablo Neira Ayuso Orabug: 38712798 CVE-2025-38678 - ice: fix using untrusted value of...
📄 Android 7 / 8 / 8.1 Pointer Disclosure
A flaw in Android's Binder IPC allowed applications to craft Parcels where binder-object metadata overlapped with string data. When unmarshalling, the kernel inserted genuine kernel pointers into attacker-controlled buffers. These could then be echoed back through services like clipboard, resulti...
SUSE CVE-2025-40254
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the setnsh... action is completely wrong. It runs through the nshkeyputfromnlattr function that is the same function that validates NSH keys...
CVE-2025-40254
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the setnsh... action is completely wrong. It runs through the nshkeyputfromnlattr function that is the same function that validates NSH keys...
AZL-71384 CVE-2025-40254 affecting package kernel for versions less than 6.6.119.3-1
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the setnsh... action is completely wrong. It runs through the nshkeyputfromnlattr function that is the same function that validates NSH keys...
CVE-2025-40254 net: openvswitch: remove never-working support for setting nsh fields
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the setnsh... action is completely wrong. It runs through the nshkeyputfromnlattr function that is the same function that validates NSH keys...
EUVD-2025-201203
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the setnsh... action is completely wrong. It runs through the nshkeyputfromnlattr function that is the same function that validates NSH keys...
CVE-2025-40254
CVE-2025-40254 targets the Linux kernel openvswitch nsh field handling. The issue stems from incorrect validation of set(nsh(...)) due to a mismatched memory layout and confusing mask vs value flags, which can cause kernel NULL pointer dereferences or crashes during validation. The advisory notes...
CVE-2025-40254 net: openvswitch: remove never-working support for setting nsh fields
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the setnsh... action is completely wrong. It runs through the nshkeyputfromnlattr function that is the same function that validates NSH keys...