3783 matches found

Vulnrichment
added 2025/12/04 6:48 a.m. | 2 views

CVE-2025-12782 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable function. This makes it possible for authenticated attackers,...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00246
Exploits: 0 | References: 2

CVE
added 2025/12/04 6:48 a.m. | 7 views

CVE-2025-12782

Beaver Builder – WordPress Page Builder (Beaver Builder Lite) is affected by CVE-2025-12782 due to an authorization bypass in the disable() path that fails to properly verify user permissions. The issue affects all versions up to 2.9.4, enabling authenticated users with at least Contributor acces...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00246
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/12/04 6:48 a.m. | 22 views

CVE-2025-12782 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable function. This makes it possible for authenticated attackers,...

CVSS: 4.3 | EPSS: 0.00246
Exploits: 0 | References: 2

Packet Storm
added 2025/12/03 12:0 a.m. | 147 views

📄 Adobe DNG SDK 1.4 Out-Of-Bounds Read

A vulnerability exists in Adobe DNG SDK the fork used by Android due to improper validation of the fAreaSpec fields inside the dngopcodeDeltaPerRow::ProcessArea function. If an attacker supplies a crafted DNG file with an empty or malformed fAreaSpec, the SDK performs arithmetic that results in...

AI score: 6.7
Exploits: 0

Positive Technologies
added 2025/11/23 12:0 a.m. | 2 views

PT-2025-52885

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the NFSv4/pNFS implementation where the NFS INO LAYOUTCOMMIT flag is not properly cleared in the pnfs mark layout stateid invalid function. This can lead to a crash when...

CVSS: 6 | AI score: 6.3 | EPSS: 0.00177
Exploits: 0

NVD
added 2025/11/18 9:15 a.m. | 13 views

CVE-2025-12937

The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...

CVSS: 6.5 | EPSS: 0.00171
Exploits: 0 | References: 2

EUVD
added 2025/11/18 8:27 a.m. | 3 views

EUVD-2025-197941

The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...

CVSS: 6.5 | AI score: 4.9 | EPSS: 0.00171
Exploits: 0 | References: 3

Tenable Nessus
added 2025/11/18 12:0 a.m. | 3 views

Mozilla Firefox < 55.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 55.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-18 advisory. - Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson...

CVSS: 10 | AI score: 8.2 | EPSS: 0.13697
Exploits: 25 | References: 30

Tenable Nessus
added 2025/11/18 12:0 a.m. | 4 views

Mozilla Firefox < 51.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-01 advisory. - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.33434
Exploits: 24 | References: 25

CNNVD
added 2025/11/18 12:0 a.m. | 1 views

WordPress plugin ACF Flexible Layouts Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00171
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/18 12:0 a.m. | 5 views

Mozilla Thunderbird < 52.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-09 advisory. - Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew McCreigh...

CVSS: 10 | AI score: 7.9 | EPSS: 0.17484
Exploits: 17 | References: 24

Fedora
added 2025/11/17 2:59 a.m. | 13 views

[SECURITY] Fedora 42 Update: python-pdfminer-20240706-4.fc42

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

CVSS: 8.6 | AI score: 6.4 | EPSS: 0.00275
Exploits: 1

Fedora
added 2025/11/17 2:47 a.m. | 11 views

[SECURITY] Fedora 43 Update: python-pdfminer-20251107-1.fc43

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

CVSS: 8.6 | AI score: 6.4 | EPSS: 0.00275
Exploits: 1

RedhatCVE
added 2025/11/13 1:0 a.m. | 11 views

CVE-2025-43205

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR...

CVSS: 4 | AI score: 5.8 | EPSS: 0.0013
Exploits: 0 | References: 1

OSV
added 2025/11/12 1:15 a.m. | 1 views

CVE-2025-43205

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass ASLR...

CVSS: 4 | AI score: 5.8 | EPSS: 0.0013
Exploits: 0 | References: 4

NVD
added 2025/11/12 1:15 a.m. | 7 views

CVE-2025-43205

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR...

CVSS: 4 | EPSS: 0.0013
Exploits: 0 | References: 8

Cvelist
added 2025/11/12 12:20 a.m. | 3 views

CVE-2025-43205

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR...

EPSS: 0.0013
Exploits: 0 | References: 8

Tenable Nessus
added 2025/11/06 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990484 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-rai...

CVSS: 7.1 | AI score: 6 | EPSS: 0.00277
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/06 12:0 a.m. | 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990572)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990572 advisory. In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.0024
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990112)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990112 advisory. In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profilepc The 'profilepc' function is used for timer-based...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.0024
Exploits: 0 | References: 4