1149 matches found

Vulnrichment
added 2025/05/13 3:29 p.m., 9 views

CVE-2025-46721 nosurf vulnerable to CSRF due to non-functional same-origin request checks

nosurf is cross-site request forgery CSRF protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site either via XSS, or otherwise to bypass CSRF checks and issue requests on user's behal...

CVSS 6, AI score 6.4, EPSS 0.00203
Exploits 2, References 5
Patchstack
added 2025/05/12 1:25 p.m., 5 views

WordPress Firelight Lightbox plugin < 2.3.15 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Firelight Lightbox versions < 2.3.15...

CVSS 5.9, AI score 7.4, EPSS 0.0027
Exploits 1, References 1, Affected Software 1
Vulnrichment
added 2025/05/07 6:27 p.m., 11 views

CVE-2025-30147 ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve

Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD 0x06,...

CVSS 8.7, AI score 6.3, EPSS 0.00227
Exploits 0, References 2
Patchstack
added 2025/05/07 12:39 p.m., 3 views

WordPress PDF Invoice Builder for WooCommerce plugin <= 5.3.8 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Ngo Bui Truong Vu in WordPress Plugin PDF Invoice Builder for WooCommerce versions <= 5.3.8...

CVSS 7.6, AI score 8.8, EPSS 0.00355
Exploits 0, Affected Software 1
Patchstack
added 2025/05/07 12:33 p.m., 4 views

WordPress Blockspare plugin <= 3.2.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Blockspare versions <= 3.2.9...

CVSS 6.5, AI score 7.1, EPSS 0.00209
Exploits 0, Affected Software 1
Patchstack
added 2025/05/07 12:31 p.m., 4 views

WordPress SKT Skill Bar plugin <= 2.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by theviper17 in WordPress Plugin SKT Skill Bar versions <= 2.4...

CVSS 6.5, AI score 7.1, EPSS 0.00209
Exploits 0, Affected Software 1
Tenable Nessus
added 2025/05/06 12:00 a.m., 3 views

Photon OS 4.0: Linux PHSA-2025-4.0-0792

An update of the linux package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0792. The text itself is copyright (C) VMware, Inc. include("compat.inc"); if (description...

CVSS 7.8, AI score 7.8, EPSS 0.00276
Exploits 0, References 2
NVD
added 2025/04/24 7:15 p.m., 16 views

CVE-2025-43859

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

CVSS 9.1, EPSS 0.00522
Exploits 0, References 2
OSV
added 2025/04/15 7:09 p.m., 3 views

CVE-2025-27791 Collabora Online Vulnerable to Arbitrary File Write

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhe...

CVSS 8.3, AI score 6.7, EPSS 0.00377
Exploits 0, References 3
Cvelist
added 2025/04/07 9:35 p.m., 11 views

CVE-2025-0942 Jalios JPlatform 10 SP6 < 10.0.6 Record Chooser SQL Injection

The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command, allowing unauthenticated users to trigger SQL Injection. This issue affects JPlatform before 10.0.6; a PatchPlugin release 10.0.6 was issued 2023-02-06...

CVSS 8.6, EPSS 0.0034
Exploits 0, References 3
Positive Technologies
added 2025/04/07 12:00 a.m., 4 views

PT-2025-15301 · Jalios · Jalios Jplatform

Name of the Vulnerable Software and Affected Versions: Jalios JPlatform versions prior to 10.0.6. Description: The DB chooser functionality in Jalios JPlatform improperly neutralizes special elements used in an SQL command, allowing authenticated administrative users to trigger SQL Injection. A...

CVSS 8.6, AI score 6.9, EPSS 0.0034
Exploits 0, References 9
Wordfence Blog
added 2025/04/03 5:22 p.m., 21 views

50,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Uncanny Automator WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

CVSS 8.8, AI score 9.3, EPSS 0.02116
Exploits 0
OSV
added 2025/03/23 12:00 a.m., 15 views

DSA-5884-1 libxslt - security update

Bulletin has no description...

CVSS 7.8, AI score 7.2, EPSS 0.00324
Exploits 4
Tenable Nessus
added 2025/03/20 12:00 a.m., 7 views

SUSE SLES15 Security Update : kernel (Live Patch 41 for SLE 15 SP3) (SUSE-SU-2025:0942-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0942-1 advisory. This update for the Linux Kernel 5.3.18-15030059150 fixes several issues. The following security issues were fixed: - CVE-2024-46818:...

CVSS 7.8, AI score 7.7, EPSS 0.00809
Exploits 0, References 16
Veeam
added 2025/03/19 12:00 a.m., 50 views

CVE-2025-23120

Veeam Software Security Commitment: Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program (VDP) for all Veeam products and perform extensive internal code audits. When a vulnerability is...

CVSS 9.9, AI score 9.8, EPSS 0.15612
Exploits 1, Affected Software 1
Tenable Nessus
added 2025/03/14 12:00 a.m., 18 views

Security Updates for Microsoft Visual Studio 2017 15.9 Products (March 2025)

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by a vulnerability: - An undisclosed Visual Studio Elevation of Privilege Vulnerability (CVE-2025-24998). Note that Nessus has not tested for these issues but has instead relied only on the application's...

CVSS 7.3, AI score 7.9, EPSS 0.00417
Exploits 0, References 2
Cvelist
added 2025/03/04 5:19 a.m., 13 views

CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not...

CVSS 5.3, EPSS 0.00334
Exploits 0, References 1
Github Security Blog
added 2025/02/27 6:27 p.m., 20 views

Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API

Impact: An unauthenticated stack overflow crash, leading to a denial of service (DoS), was identified in Rancher’s /v3-public/authproviders public API endpoint. A malicious user could submit data to the API which would cause the Rancher server to crash, but no malicious or incorrect data would...

CVSS 8.2, AI score 7.2, EPSS 0.0053
Exploits 0, References 13, Affected Software 1
Positive Technologies
added 2025/02/27 12:00 a.m., 2 views

PT-2025-8923 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A vulnerability has been discovered in Windows Virtualization-Based Security. The issue was disclosed on 2025-02-25 and a patch was released in February 2025 Patch Tuesday. It was discovere...

CVSS 5.3, AI score 9.2, EPSS 0.00292
Exploits 0, References 8
Cvelist
added 2025/02/26 1:55 a.m., 12 views

CVE-2022-49179 block, bfq: don't move oom_bfqq

In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq. Our test reports a UAF: [2073.019181] ================================================================== [2073.019188] BUG: KASAN: use-after-free in bfq_put_async_bfqq+0xa0/0x168 [2073.019191] Write of size 8...

EPSS 0.00256
Exploits 0, References 6