WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Post Duplicator versions = 3.0.10...

CVE-2025-69627

Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc. During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...

WordPress BuddyPress Groupblog plugin <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability

Authenticated Subscriber+ Privilege Escalation to Administrator via Group Blog IDOR vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BuddyPress Groupblog versions = 1.9.3...

Prototype Pollution

LangSmith is vulnerable to Prototype Pollution. The vulnerability is due to an incomplete prototype pollution fix in its internally vendored lodash set utility, where the baseAssignValue function only guards against the proto key, but fails to prevent traversal via constructor.prototype, and...

nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions

A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...

📄 ChurchCRM Cross Site Scripting

ChurchCRM versions 6.5.2 and below suffer from a persistent cross site scripting vulnerability in the person property assignment functionality. Note that the advisory says versions 6.3.0 and below are affected but the CVE entry states versions prior to 6.5.3. CVE-2025-67875: ChurchCRM has stored...

PT-2026-32522

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

CVE-2025-69627

CVE-2025-69627 : Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free in the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. The freed m...

PT-2026-32435

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

📄 Authentic 8 Insecure Direct Object Reference / Broken Access Control

Authentic 8 has an broken access control that can be leveraged via insecure direct object reference that can lead to PII information disclosure. ================================================================================================================================== | Title : Authentic 8...

Pyro3 安全漏洞

Pyro3 is a Python remote object invocation library developed by Irmen de Jong. Version 3.x of Pyro3 contains a security vulnerability, which stems from issues with the pickle protocol. This vulnerability could allow arbitrary code to be executed through specially crafted pickle string messages...

📄 WBCE CMS Privilege Escalation / Insecure Direct Object Reference

WBCE CMS versions prior to 1.6.4 suffers from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...

WordPress Tutor LMS plugin <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin Tutor LMS versions = 3.9.7...

WordPress YITH WooCommerce Wishlist plugin < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability

Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin YITH WooCommerce Wishlist versions 4.13.0...

Updated squid packages fix security vulnerabilities

Squid mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asnbuildobjid in lib/snmplib/asn1.c. CVE-2025-59362 Squid vulnerable to information disclosure via authentication credential leakage in error handling. CVE-2025-62168 Squid vulnerable to Denial of Service in ICP Request handling...

MGASA-2026-0094 Updated squid packages fix security vulnerabilities

Squid mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asnbuildobjid in lib/snmplib/asn1.c. CVE-2025-59362 Squid vulnerable to information disclosure via authentication credential leakage in error handling. CVE-2025-62168 Squid vulnerable to Denial of Service in ICP Request handling...