737 matches found
CVE-2025-7545
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...
CVE-2025-7435
A vulnerability was found in LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4. It has been classified as problematic. This affects an unknown part of the file /siteadmin/lhcphpresque/list/ of the component List Handler. The manipulation of the argument queue...
Fedora 42 : luajit (2025-b1082e9269)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b1082e9269 advisory. Fix CVE-2024-25176 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
CVE-2025-7209
A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. Th...
CVE-2025-7209 9fans plan9port x509.c value_decode null pointer dereference
A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. Th...
Oracle Linux 8 : container-tools:rhel8 (ELSA-2025-10551)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-10551 advisory. - fixes 'CVE-2025-6032 container-tools:rhel8/podman: podman missing TLS verification rhel-8.10.z' Tenable has extracted the preceding description block directl...
WordPress Noisa Theme <= 2.6.0 is vulnerable to PHP Object Injection
Software Noisa Type Theme Vulnerable versions <= 2.6.0 Fixed in 2.6.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-53560 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 60e4fbd75f25 Credits Bonds Required privilege Subscriber Published 8 Jul...
WordPress Contact Form 7 Database Addon plugin <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via tmpD Parameter vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Contact Form 7 Database Addon – CFDB7 versions <= 1.3.1...
CVE-2025-6952
A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component AMF Service. The manipulation leads to reachable assertion. It is possible to launch the attack on the loc...
WordPress Easy Stripe plugin <= 1.1 - Remote Code Execution (RCE) Vulnerability
Remote Code Execution (RCE) Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Easy Stripe versions <= 1.1...
WordPress Education Center Theme <= 3.6.10 is vulnerable to PHP Object Injection
Software Education Center Type Theme Vulnerable versions <= 3.6.10 Fixed in 3.6.11 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-13786 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 511daf731ac0 Credits Lucio Sá Required privilege...
CVE-2025-6952 Open5GS AMF Service amf-sm.c amf_state_operational assertion
A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component AMF Service. The manipulation leads to reachable assertion. It is possible to launch the attack on the loc...
WordPress Elessi Theme < 6.4.1 is vulnerable to Local File Inclusion
Software Elessi Type Theme Vulnerable versions < 6.4.1 Fixed in 6.4.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-49070 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 75ce19994f60 Credits Phat RiO - BlueRock Required privilege Subscriber...
WordPress Classiera Theme <= 4.0.34 is vulnerable to SQL Injection
Software Classiera Type Theme Vulnerable versions <= 4.0.34 Fixed in 4.0.35 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2025-52722 Patch priority High CVSS severity High 9.3 Developer Joinwebs PSID bef854c7c688 Credits Lê Quốc Bảo Required privilege Unauthenticated Published 1...
GHSA-V9W6-9HQ9-33CH HKUDS LightRAG allows Path Traversal via function upload_to_input_dir
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to path...
WordPress AI Engine 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP vulnerability
Authenticated Subscriber+ Insufficient Authorization to Privilege Escalation via MCP vulnerability discovered by István Márton - Wordfence in WordPress Plugin AI Engine versions = 2.8.3...
WordPress Wise Chat plugin <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header vulnerability
Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header vulnerability discovered by Vincent Fourcade vinceMatsui in WordPress Plugin Wise Chat versions <= 3.3.4...
PT-2025-25627
Name of the Vulnerable Software and Affected Versions Webkul QloApps version 1.6.1 Description A critical vulnerability was found in Webkul QloApps, affecting an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the packItself argument leads to SQL injection. Th...