626 matches found
CVE-2025-32438 Local privilege escalation in make-initrd-ng
make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default), a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 a...
CVE-2025-31401
Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas (mmx-make-me-christmas) allows Stored XSS. This issue affects MMX – Make Me Christmas: from n/a through <= 1.0.0...
CVE-2025-31401 WordPress MMX – Make Me Christmas plugin <= 1.0.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas (mmx-make-me-christmas) allows Stored XSS. This issue affects MMX – Make Me Christmas: from n/a through <= 1.0.0...
CVE-2025-31401
CVE-2025-31401: MMX – Make Me Christmas plugin contains a CSRF to Stored XSS vulnerability affecting versions up to 1.0.0. The CVE’s base metrics show CVSS 3.1 with a base score of 7.1 (HIGH); attacker vector is NETWORK, with LOW confidentiality/integrity/availability impacts and user interaction...
WordPress plugin MMX – Make Me Christmas cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
PT-2025-15752 · Unknown · Mmx – Make Me Christmas
Name of the Vulnerable Software and Affected Versions: MMX – Make Me Christmas versions 1.0.0 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
The vulnerability of the `ustring::make_unique()` function in the `src/libutil/ustring.cpp` module of the OpenImageIO library allows a malicious actor to cause a service failure.
The vulnerability of the `ustring::make_unique()` function in the `src/libutil/ustring.cpp` module of the OpenImageIO library is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a remote attacker to cause service failures...
kernel: ipv4: Fix uninit-value access in __ip_make_skb()
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb(). KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with...
CVE-2024-13856
The Your Friendly Drag and Drop Page Builder — Make Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.10 via the make_builder_ajax_subscribe function. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2024-13856
CVE-2024-13856 affects the WordPress plugin Your Friendly Drag and Drop Page Builder — Make Builder (
CVE-2024-13856 Make Builder <= 1.1.10 - Authenticated (Subscriber+) Server-Side Request Forgery via make_builder_ajax_subscribe Function
The Your Friendly Drag and Drop Page Builder — Make Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.10 via the make_builder_ajax_subscribe function. This makes it possible for authenticated attackers, with Subscriber-level access an...
WordPress plugin Make Builder code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress Make Builder plugin <= 1.1.10 - Authenticated (Subscriber+) Server-Side Request Forgery via make_builder_ajax_subscribe Function vulnerability
Authenticated (Subscriber+) Server-Side Request Forgery via make_builder_ajax_subscribe Function vulnerability discovered by Francesco Carlucci in WordPress Plugin Make Builder (versions <= 1.1.10)...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the makeRequestWithRetry and getAuthorizationToken functions. An attacker can cause the server to crash by sending a specially crafted gzip bomb HTTP response. Details: Denial of Service (DoS) describes a family o...
make-latest bug fix and enhancement update
An update is available for make-latest. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
BIT-MYSQL-CLIENT-2023-52969
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2...