1227 matches found
Missing Encryption Of Sensitive Data
@coinbase/wallet-sdk is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to the use of outdated versions due to an unspecified security flaw that does not directly impact users' keys, smart contracts, or funds...
WordPress plugin Font Awesome WP Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugins are application plugins for the platform. A cross-site scripting...
FreeBSD : vscode -- multiple vulnerabilities (cbf5d976-656b-4bb6-805f-3af038e2de3e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cbf5d976-656b-4bb6-805f-3af038e2de3e advisory. VSCode developers report: The update addresses these issues, including a fix for a security...
Azure Linux 3.0 Security Update: cri-tools / docker-buildx / kubernetes / opa / prometheus (CVE-2023-45142)
The version of cri-tools / docker-buildx / kubernetes / opa / prometheus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45142 advisory. - OpenTelemetry-Go Contrib is a collection of third-party...
Azure Linux 3.0 Security Update: kernel (CVE-2024-42080)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42080 advisory. - In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid...
CVE-2022-25148
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpageid parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...
CVE-2020-5229
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...
CVE-2024-12741
A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions. Please note that...
PT-2025-5142 · Papercite · Papercite
Name of the Vulnerable Software and Affected Versions: PAPERCITE versions 0.5.18 and earlier Description: The issue is related to a lack of authorization in PAPERCITE, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For versions 0.5.18 and...
CVE-2025-23012
Fedora Repository 3.8.x includes a service account fedoraIntCallUser with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version 6.5.1 as of...
CVE-2025-21521
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols ...
Security flaws found in tiny phones promoted to children
TL;DR Three mini smartphones promoted to children were analysed Those devices are heavily promoted on TikTok All had outdated operating systems All could be rooted without wiping the phone, allowing data to be compromised with physical access One had malware artefacts pre-installed One had an...
Amazon Linux AMI : rsync (ALAS-2025-1954)
The version of rsync installed on the remote host is prior to 3.0.6-12.15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1954 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE...
Mozilla Thunderbird SEoL (1.x)
According to its version, the Mozilla Thunderbird installation on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may...
CVE-2024-10815
CVE-2024-10815 pertains to the PostLists WordPress plugin (up to 2.0.2). The issue arises because the plugin does not escape the $_SERVER['REQUEST_URI'] value before echoing it into an HTML attribute, enabling a Reflected XSS in older browsers. Affected plugin: PostLists (WordPress). Root cause: ...
PT-2025-1941 · WordPress · Bu Section Editing Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: BU Section Editing WordPress plugin versions 0.9.9 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. Thi...
Legacy App Migration: Transforming Outdated Systems
Businesses are perpetually under pressure to innovate in a fast-paced digital era. But legacy applications, written with outdated...
PT-2024-36677 · Wplms · Wplms
Name of the Vulnerable Software and Affected Versions: WPLMS versions prior to 1.9.9.5.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
PT-2024-17267 · WordPress · Feedify – Web Push Notifications
Name of the Vulnerable Software and Affected Versions: The Feedify – Web Push Notifications plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Reflected Cross-Site Scripting via the platform, phone, email, and store url parameters due to insufficient...
DEBIAN-CVE-2024-56170
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent...