CVE-2025-27339 WordPress Minimum Password Strength Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Will Anderson Minimum Password Strength minimum-password-strength allows Cross Site Request Forgery.This issue affects Minimum Password Strength: from n/a through = 1.2.0...

CVE-2025-27339 WordPress Minimum Password Strength Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Will Anderson Minimum Password Strength minimum-password-strength allows Cross Site Request Forgery.This issue affects Minimum Password Strength: from n/a through = 1.2.0...

CVE-2025-27339

CVE-2025-27339 documents a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Minimum Password Strength, affecting versions up to 1.2.0. The CVSS base metrics reported (CVSS 3.1, vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) indicate a Medium severity (score 4.3) with user inte...

WordPress plugin Minimum Password Strength 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: panasonic-laptop: Fixed out-of-bounds accesses to the SINF array. The panasonic laptop code in various places uses the SINF array with index values ranging from 0 to SINFCURBRIGHT0x0d, without checking whether the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: padata: Fixed a possible “divide-by-0” panic in padatamthelper. We are encountering a “divide-by-0” panic in padata.c during bootup. 10.017908 Oops: Divide error: 0000 1 PREEMPT SMP NOPTI 10.017908 CPU: 26 PID: 2627 Comm:...

GHSA-VPXM-CR3R-PJP9 General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches

Impact We recently underwent Penetration Testing of OpenMRS by a third-party company. Vulnerabilities were found, and fixes have been made and released. We've released security updates that include critical fixes, and so, we strongly recommend upgrading affected modules. This notice applies to al...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the gpio-charger driver potentially accessing areas of allocated memory that are exceeded when setting the...

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

PT-2025-4486 · Optimizely · Episerver.Cms.Core

Name of the Vulnerable Software and Affected Versions: Optimizely EPiServer.CMS.Core versions prior to 12.32.0 Description: A medium-severity issue exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum...

PT-2026-8105

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19.0-rc1-00001-g09db0998649d Description The Linux kernel contains an issue in the mmc subsystem, specifically within the sdhci-of-dwcmshc driver. When operating in HS200 or HS400 timing modes, reducing the clo...

PT-2026-2898

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the octeontx2-pf driver. The issue involves a shift-out-of-bounds error triggered when users provide small or zero ring sizes through the...

PT-2026-2872

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Time-of-Check to Time-of-Use TOCTOU race condition exists in the Linux kernel due to the repeated evaluation of arguments within the FAN FROM REG macro. This can lead to divide-by-zero...

CVE-2024-56548 hfsplus: don't query the device logical block size multiple times

In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOPSETBLOCKSIZE. While this may cause other issues like IO being rejected, in t...

PT-2024-36865 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0 Description: The issue is related to a too strict alignment check in the create cache function, which can cause a kernel panic on certain systems, such as m68k, where the minimum alignment of unsigned lon...

CVE-2024-54227 WordPress Minimum and Maximum Quantity for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Dotstore Minimum and Maximum Quantity for WooCommerce min-and-max-quantity-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimum and Maximum Quantity for WooCommerce: from n/a through = 2.0.0...

WordPress plugin Minimum and Maximum Quantity for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress Minimum and Maximum Quantity for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Minimum and Maximum Quantity for WooCommerce versions = 2.0.0...

SUSE CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs

A vulnerability was found in the Linux kernel's hwmon subsystem, specifically in the mlxreg-fan driver. The issue arises when the driver’s sysfs interface for controlling fan speed does not properly handle cases where the requested minimum fan speed exceeds the maximum allowable value. When the...