CVE-2025-15546 Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an...
EUVD-2025-210137
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an...
CVE-2025-15546
The CVE-2025-15546 entry concerns the Iptanus File Upload WordPress plugin (pre-5.1.7). A TOCTOU race condition between the file existence check and the actual write operation, when the duplicatepolicy is set to “maintain both,” allows an authenticated attacker to overwrite files uploaded by othe...
UBUNTU-CVE-2026-11852
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in...
UBUNTU-CVE-2026-11853
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has...
It's Time to Go After Achieving Zero Code Criticals
Ready to hit Zero Code Criticals? Here's how Wiz helps you get there and stay there, with the badge to prove you did...
Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access
Hackers exploit Fortinet flaws to plant stealth backdoors on FortiGate devices, maintaining access even after patches. Update to...
CVE-2024-50060 io_uring: check if we need to reschedule during overflow flush
In the Linux kernel, the following vulnerability has been resolved: io_uring: check if we need to reschedule during overflow flush. In terms of normal application usage, this list will always be empty. And if an application does overflow a bit, it'll have a few entries. However, nothing obviously...
CVE-2024-45874
A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe...
CVE-2024-2014
A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprogupstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to th...
Design/Logic Flaw
in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...
DRUPAL-CONTRIB-2023-011
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...
CVE-2022-31362
Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Taxonomy Access Control Lite - Critical - Unsupported - SA-CONTRIB-2022-006
Update 2022-03-01. New maintainers have volunteered for the project and created a new release which includes fixes for the 3 security issues that caused the module to be unsupported. The security team is marking this project unsupported. There is a known security issue with the project that has n...
Moderate: Red Hat Security Advisory: Satellite 6.10.2 Async Bug Fix Update
Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clie...
RUSTSEC-2021-0134 rental is unmaintained, author has moved on
The author encourages users to explore other solutions, or maintain a fork. Maintained alternatives include: ouroboros, fortify, escher...
spin is no longer actively maintained
The author of the spin crate does not have time or interest to maintain it. Consider the following alternatives, all of which support no_std: conquer-once; lock_api (a subproject of parking_lot); spinning_top (a spinlock crate built on lock_api); spinning...
Nexus Theme - Critical - Unsupported - SA-CONTRIB-2019-078
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported...
Frequently Asked Questions - Critical - Unsupported - SA-CONTRIB-2019-077
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported...