WordPress Fable Extra plugin <= 1.0.6 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by timomangcut in WordPress Plugin Fable Extra versions <= 1.0.6...
CVE-2025-32969 org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API
XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...
WordPress Download Manager plugin <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion vulnerability
Authenticated (Author+) Arbitrary File Deletion vulnerability discovered by WordFence in WordPress Plugin Download Manager versions <= 3.3.12...
WordPress CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin <= 2.4 - Unauthenticated Arbitrary File Read vulnerability
WordPress CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin <= 2.4 - Unauthenticated Arbitrary File Read vulnerability discovered by khanhhnahk1 in WordPress Plugin CLEVER versions <= 2.4...
WordPress Booster Plus for WooCommerce plugin <= 7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Booster Plus for WooCommerce versions <= 7.2.4...
WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin Arigato Autoresponder and Newsletter versions <= 2.7.2.4...
Fedora 41 : lemonldap-ng (2025-273b88cf62)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-273b88cf62 advisory. See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/ Tenable has extracted the preceding description block directly from the Fedora...
Fedora: Security Advisory (FEDORA-2025-80dfa228e7)
The remote host is missing an update for the...
WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Barcode Generator for WooCommerce versions <= 2.0.4...
WordPress Material Dashboard plugin <= 1.4.6 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by astra.r3verii in WordPress Plugin Material Dashboard versions <= 1.4.6...
CVE-2025-3548
Open Asset Import Library Assimp (up to 5.4.3) is affected by a heap-based buffer overflow in aiString::Set (types.h, File Handler). The vulnerability permits a local attacker to trigger a crash or potentially exploit the host; the exploit has been publicly disclosed. Remediation: upgrade to a ne...
CVE-2017-20197 propanetank Roommate-Bill-Tracking login.php sql injection
A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c. It has been declared as critical. This vulnerability affects unknown code of the file /includes/login.php. The manipulation of the argument Username leads to sql injection. The attack c...
WordPress Bulk Product Sync plugin <= 8.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by theviper17 in WordPress Plugin Bulk Product Sync versions <= 8.6...
WordPress Total processing card payments for WooCommerce Plugin <= 7.1.5 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by LVT-tholv2k in WordPress Plugin Nomupay Payment Processing Gateway versions <= 7.1.5...
DEBIAN-CVE-2025-3160
A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds rea...
DEBIAN-CVE-2025-3159
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buff...
Ubuntu: Security Advisory (USN-7261-2)
The remote host is missing an update for the...
WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation vulnerability
Unauthenticated Account Takeover/Privilege Escalation vulnerability discovered by Lucio Sá in WordPress Plugin SMS Alert Order Notifications versions <= 3.7.9...
WordPress WP Crowdfunding plugin <= 2.1.15 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin WP Crowdfunding versions <= 2.1.15...