54815 matches found
CVE-2025-13977
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in all versions up to, and including, 6.5.3. This is due to insufficient input sanitization and output escaping in the Event...
kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...
CVE-2025-13977
The CVE-2025-13977 entry concerns the WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets. It is vulnerable to Stored Cross-Site Scripting in all versions up to 6.5.3, due to insufficient input sanitization and output escaping in the Event Calendar widget’s cus...
[SECURITY] Fedora 42 Update: mod_md-2.6.6-1.fc42
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...
kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...
CVE-2025-67747
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...
SUSE CVE-2025-68215
In the Linux kernel, the following vulnerability has been resolved: ice: fix PTP cleanup on driver removal in error path Improve the cleanup on releasing PTP resources in error path. The error case might happen either at the driver probe and PTP feature initialization or on PTP restart errors in...
SUSE CVE-2025-68216
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problem...
SUSE CVE-2025-68262
In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstdstreams per-CPU contexts are freed in...
PT-2025-51979
Name of the Vulnerable Software and Affected Versions ZZCMS version 2025 Description A security issue exists in ZZCMS 2025 related to the User Data Storage Module. A flaw within the /reg/user save.php file results in the storage of data in cleartext on a file or disk. Remote exploitation is...
Open Source Point of Sale 安全漏洞
Open Source Point of Sale is an open source web-based point of sale system from opensourcepos. A security vulnerability exists in Open Source Point of Sale version v3.4.1, which stems from improper handling of the name parameter in the Create/Update Items module, which could lead to a cross-site...
PT-2025-51894
Name of the Vulnerable Software and Affected Versions RIOT versions prior to 2025.10 Description RIOT OS, designed for IoT and embedded devices, contains a flaw in its IPv6 fragmentation reassembly process. Specifically, the implementation lacks a size check when copying the first fragment offset...
CVE-2025-66921
A Cross-site scripting XSS vulnerability in Create/Update Items Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...
CVE-2025-66921
CVE-2025-66921 describes a Cross-site scripting (XSS) vulnerability in the Open Source Point of Sale (OSPOS) v3.4.1, specifically in the Create/Update Item(s) Module. The issue arises from improper handling of the name parameter, allowing remote attackers to inject arbitrary web script or HTML. M...
Linux Distros Unpatched Vulnerability : CVE-2025-68216
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions i...
org.apache.kafka: Kafka JNDI Login Module RCE Vulnerability
A flaw was found in org.apache.kafka. The JndiLoginModule within the SASL authentication mechanism allows remote code execution and denial of service when misconfigured. This flaw allows an attacker to provide a malicious JNDI URI within the Kafka broker's configuration, permitting arbitrary code...
GHSA-VFM5-CR22-JG3M ABP Account Module has an Open Redirect through Improper validation in its register function
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...
ABP Account Module has an Open Redirect through Improper validation in its register function
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...
CVE-2025-65581
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...
CVE-2025-65581
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...