
10276 matches found

RedHat Linux
added 2025/06/09 2:48 p.m. · 5 views

glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load...

7.8 CVSS · 7.3 AI score · 0.00043 EPSS
Exploits 1 · References 8

Packet Storm
added 2025/06/09 12:0 a.m. · 217 views

RAD FT Dell Firmware A00-00 Privilege Escalation

RAD FT Firmware versions A00-00 Build WP0000051154 and prior are susceptible to a privilege escalation vulnerability due to a failure to properly filter the user-supplied input through the .NET Profiler. Exploit name: RAD FT Dell Firmware Download link:...

7.5 AI score
Exploits 0

BDU FSTEC
added 2025/06/09 12:0 a.m. · 4 views

Vulnerability in the “Sotbit: Quick Image Loading in Visual Editor” plugin caused by insufficient validation of input data, allowing attackers to execute arbitrary code

The vulnerability of the “Sotbit: Quick Image Loading in Visual Editor” plugin is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9 CVSS · 5.9 AI score
Exploits 0 · References 2 · Affected Software 1

RedhatCVE
added 2025/06/08 1:19 p.m. · 5 views

CVE-2025-49317

Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading wp-page-loading allows Cross Site Request Forgery. This issue affects WP Page Loading: from n/a through <= 1.0.6...

4.3 CVSS · 5.9 AI score · 0.00084 EPSS
Exploits 0 · References 1

OSV
added 2025/06/06 2:3 p.m. · 3 views

OESA-2025-1581 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

7.8 CVSS · 7 AI score · 0.00043 EPSS
Exploits 1 · References 2

NVD
added 2025/06/06 1:15 p.m. · 2 views

CVE-2025-49317

Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading wp-page-loading allows Cross Site Request Forgery. This issue affects WP Page Loading: from n/a through <= 1.0.6...

4.3 CVSS · 0.00084 EPSS
Exploits 0 · References 1

CVE
added 2025/06/06 12:53 p.m. · 37 views

CVE-2025-49317

CVE-2025-49317 describes a CSRF vulnerability in the WordPress plugin "WP Page Loading". Affected versions are from n/a through 1.0.6. The issue is untrusted state-changing requests via CSRF; exploitation details are not provided in the documents. The connected sources indicate this CVE entry has...

4.3 CVSS · 5.9 AI score · 0.00084 EPSS
Exploits 0 · References 1

Cvelist
added 2025/06/06 12:53 p.m. · 12 views

CVE-2025-49317 WordPress WP Page Loading plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading wp-page-loading allows Cross Site Request Forgery. This issue affects WP Page Loading: from n/a through <= 1.0.6...

4.3 CVSS · 0.00084 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/06/06 12:53 p.m. · 7 views

CVE-2025-49317 WordPress WP Page Loading plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading wp-page-loading allows Cross Site Request Forgery. This issue affects WP Page Loading: from n/a through <= 1.0.6...

4.3 CVSS · 5.1 AI score · 0.00084 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/06/06 12:0 a.m. · 5 views

PT-2025-24243 · WordPress · Ntc Wp Page Loading

Name of the Vulnerable Software and Affected Versions: NTC WP Page Loading versions 1.0.0 through 1.0.6. Description: A Cross-Site Request Forgery (CSRF) issue allows unauthorized actions to be performed on behalf of a user. This issue affects NTC WP Page Loading, enabling Cross Site Request Forgery...

4.3 CVSS · 4.5 AI score · 0.00084 EPSS
Exploits 0 · References 3

CNNVD
added 2025/06/06 12:0 a.m. · 1 views

WordPress plugin WP Page Loading cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

4.3 CVSS · 4.8 AI score · 0.00084 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/06/05 5:31 a.m. · 2 views

CVE-2025-5683

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1...

5.1 CVSS · 6.4 AI score · 0.00169 EPSS
Exploits 0 · References 2

SUSE Linux
added 2025/06/04 7:33 a.m. · 3 views

Security update for glibc

This update for glibc fixes the following issues: CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Patch Instructions: To install this SUSE update use the SUSE recommended...

9.4 CVSS · 7.6 AI score · 0.00043 EPSS
Exploits 1 · References 4

OSV
added 2025/06/04 7:33 a.m. · 1 views

SUSE-SU-2025:01702-2 Security update for glibc

This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317)...

7.8 CVSS · 7.5 AI score · 0.00043 EPSS
Exploits 1 · References 3

CNNVD
added 2025/06/04 12:0 a.m. · 4 views

Zscaler Client Connector security vulnerability

Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in Zscaler Client Connector versions prior to 4.2.0.241, which stems from insufficient authentication when loading libraries and could lead to elevated privileges for a local attacker...

7.3 CVSS · 6.5 AI score · 0.00031 EPSS
Exploits 0 · References 1

NVD
added 2025/05/30 8:15 p.m. · 6 views

CVE-2025-48882

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXML_DTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

8.7 CVSS · 0.00369 EPSS
Exploits 0 · References 2

OSV
added 2025/05/30 7:43 p.m. · 3 views

CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXML_DTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

8.7 CVSS · 6.6 AI score · 0.00369 EPSS
Exploits 0 · References 4

OSV
added 2025/05/30 1:15 p.m. · 1 views

AZL-62069 CVE-2025-40909 affecting package perl for versions less than 5.38.2-509

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...

5.9 CVSS · 7.2 AI score · 0.00031 EPSS
Exploits 0 · References 1

OSV
added 2025/05/30 1:15 p.m. · 1 views

DEBIAN-CVE-2025-40909

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...

5.9 CVSS · 7 AI score · 0.00031 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/05/29 12:0 a.m. · 3 views

PT-2025-23933

Name of the Vulnerable Software and Affected Versions: IGEL OS versions prior to 11. Description: IGEL OS versions prior to 11 contain a flaw in the igel-flash-driver module that improperly verifies cryptographic signatures during the Secure Boot process. This allows a crafted root filesystem to be...

4.9 CVSS · 9.5 AI score · 0.00916 EPSS
Exploits 2 · References 46