6337 matches found

Vulnrichment
added 2025/09/17 11:25 a.m. | 2 views

CVE-2025-8999 Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update

The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...

CVSS 5.3 | AI score 4.8 | EPSS 0.00262
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/17 12:0 a.m. | 3 views

PT-2025-38145

Name of the Vulnerable Software and Affected Versions: Sydney theme for WordPress versions prior to 2.57
Description: The Sydney theme for WordPress is susceptible to unauthorized data modification due to a missing capability check on the activate modules function. This allows authenticated...

CVSS 5.3 | AI score 5.7 | EPSS 0.00262
Exploits: 0 | References: 9

vulnersOsv
added 2025/09/16 3:32 p.m. | 6 views

ai.wavemaker.app.build:wavemaker-app-build-maven-plugin (>=1.0.0-20260516144515 <=1.0.0.ee-20260516142404), ai.wavemaker.app.build:wavemaker-app-build-utils (>=1.0.0-20260516144515 <=1.0.0.ee-20260516142404) +2249 more potentially affected by CVE-2025-41248 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.3)

org.springframework.security:spring-security-core MAVEN version =6.5.0, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0,...

CVSS 7.5 | AI score 7.5 | EPSS 0.00433
Exploits: 0

CVE
added 2025/09/15 7:10 p.m. | 18 views

CVE-2025-59143

Summary (CVE-2025-59143) : The issue affects the npm package color ([email protected]). An account takeover via phishing allowed an attacker to publish a malicious patch that inserts a payload in the browser context to redirect cryptocurrency transactions to attacker-owned addresses (e.g., wallets like...

CVSS 8.8 | AI score 6.5 | EPSS 0.00378
Exploits: 0 | References: 5

Cvelist
added 2025/09/15 7:9 p.m. | 7 views

CVE-2025-59140 backslash@0.2.1 contains malware after npm account takeover

backslash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...

CVSS 8.8 | EPSS 0.00378
Exploits: 0 | References: 5

CVE
added 2025/09/15 3:6 p.m. | 35 views

CVE-2025-6202

CVE-2025-6202 Phoenix Rowhammer is a hardware-level vulnerability in SK Hynix DDR5 modules (manufactured 2021–2024) that allows a local attacker to trigger memory row bit flips. The issue bypasses protection such as TRR, exploiting defined “blind zones” (e.g., after 128 and 2,608 tREFI updates) w...

CVSS 7.1 | AI score 6.3 | EPSS 0.00291
Exploits: 1 | References: 2

Gitee
added 2025/09/14 6:33 p.m. | 76 views

PocCollect

This repository is an offensive tool for vulnerability scanning and exploitation, specifically targeting various web applications and services. The primary vulnerability class targeted is SQL injection, with specific examples of exploits for Struts2, 08CMS, and ASPCMS. The tool is written in Pyth...

AI score 7.7
Exploits: 0

Tenable Nessus
added 2025/09/14 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-48039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This...

CVSS 5.3 | AI score 5.8 | EPSS 0.00359
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/14 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-39767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LoongArch: Optimize module load time by optimizing PLT/GOT counting When enabling CONFIG_KASAN, CONFIG_PREEMPT_VOLUNTARY_BUILD and CONFIG_PREEMPT_VOLUNTARY at the sam...

CVSS 5.5 | AI score 5.9 | EPSS 0.00106
Exploits: 0 | References: 3

Gitee
added 2025/09/13 6:50 p.m. | 102 views

pwntools

This is a CTF Capture The Flag framework and exploit development library. It is a Python library that provides a set of tools for developing exploits and performing penetration testing. The library is designed to be extensible and customizable, allowing users to easily add new features and plugin...

AI score 7
Exploits: 0

RedhatCVE
added 2025/09/11 9:30 p.m. | 8 views

CVE-2025-54083

Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT Quantenna SoC modules allows admin access to the web interface. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE...

CVSS 5.1 | AI score 6.9 | EPSS 0.00191
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/11 1:23 p.m. | 21 views

CVE-2025-8007

A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable MNFR fault. This condition may lead to unexpected system crashes and loss of device availability...

CVSS 7.1 | AI score 6.7 | EPSS 0.00239
Exploits: 0 | References: 1

OSV
added 2025/09/11 9:15 a.m. | 1 views

DEBIAN-CVE-2025-48041

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5....

CVSS 7.1 | AI score 5.4 | EPSS 0.00359
Exploits: 0 | References: 1

OSV
added 2025/09/11 9:15 a.m. | 1 views

DEBIAN-CVE-2025-48040

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...

CVSS 6.9 | AI score 5.4 | EPSS 0.00402
Exploits: 0 | References: 1

OSV
added 2025/09/11 9:15 a.m. | 4 views

CVE-2025-48038

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

CVSS 5.3 | AI score 7 | EPSS 0.00359
Exploits: 0 | References: 5

ATTACKERKB
added 2025/09/11 8:14 a.m. | 4 views

CVE-2025-48041

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5....

CVSS 7.1 | AI score 5.4 | EPSS 0.00359
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2025/09/11 8:14 a.m. | 3 views

EEF-CVE-2025-48041 SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles

Summary: Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and...

CVSS 7.1 | AI score 5.5 | EPSS 0.00359
Exploits: 0 | References: 6

Cvelist
added 2025/09/11 8:14 a.m. | 11 views

CVE-2025-48040 Malicious Key Exchange Messages may Lead to Excessive Resource Consumption

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...

CVSS 6.9 | EPSS 0.00402
Exploits: 0 | References: 7

Cvelist
added 2025/09/09 8:37 p.m. | 8 views

CVE-2025-54084 Calix Gigacenter ONT - Command Injection

OS Command 'OS Command Injection' vulnerability in Calix GigaCenter ONT Quantenna SoC modules allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise. This issue affects GigaCente...

CVSS 8.5 | EPSS 0.00818
Exploits: 0 | References: 3

OSV
added 2025/09/09 1:15 p.m. | 4 views

CVE-2025-8007

A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable MNFR fault. This condition may lead to unexpected system crashes and loss of device availability...

CVSS 6.5 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 1