4571 matches found

OSV
added 2025/08/01 10:15 p.m. | 5 views

AZL-67256 CVE-2024-13978 affecting package libtiff for versions less than 4.6.0-10

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally...

CVSS 2.5 | AI score 4.6 | EPSS 0.00179
Exploits: 1 | References: 1
OSV
added 2025/08/01 6:15 p.m. | 1 views

GHSA-2RJV-CV85-XHGM OpenSearch unauthorized data access on fields protected by field level security if field is a member of an object

Impact: OpenSearch versions 2.19.2 and earlier improperly apply Field Level Security (FLS) rules on fields which are not at the top level of the source document tree, i.e., which are members of a JSON object. If an FLS exclusion rule like object is applied to an object valued attribute in a source...

CVSS 5.7 | AI score 7
Exploits: 0 | References: 2
Patchstack
added 2025/07/31 10:0 p.m. | 8 views

WordPress Sina Extension for Elementor plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Sina Posts`, `Sina Blog Post` and `Sina Table` Widgets vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via `Sina Posts`, `Sina Blog Post` and `Sina Table` Widgets vulnerability discovered by stealthcopter in WordPress Plugin Sina Extension for Elementor versions <= 3.7.0...

CVSS 6.4 | AI score 5.5 | EPSS 0.00293
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/07/30 9:49 p.m. | 5 views

WordPress Customer Reviews for WooCommerce plugin <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via `author` Parameter vulnerability discovered by zer0gh0st in WordPress Plugin Customer Reviews for WooCommerce versions <= 5.80.2...

CVSS 6.4 | AI score 5.5 | EPSS 0.00261
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/07/30 12:0 a.m. | 4 views

WordPress Blogger Buzz Theme <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software: Blogger Buzz; Type: Theme; Vulnerable versions: <= 1.2.6; Fixed in: 1.2.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-54680; Patch priority: Low; CVSS severity: Low (6.5); PSID: b2b9bc739162; Credits: Peter Thaleikis; Required privilege...

AI score 6.9 | EPSS 0.0019
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/07/29 11:15 p.m. | 14 views

CVE-2025-54381

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...

CVSS 9.9 | EPSS 0.11114
Exploits: 1 | References: 2
Patchstack
added 2025/07/29 10:4 p.m. | 4 views

WordPress Smart Slider 3 plugin <= 3.5.1.28 - Authenticated (Administrator+) SQL Injection via `sliderid` Parameter vulnerability

Authenticated (Administrator+) SQL Injection via `sliderid` Parameter vulnerability discovered by Chive in WordPress Plugin Smart Slider 3 versions <= 3.5.1.28...

CVSS 4.9 | AI score 7.8 | EPSS 0.00352
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2025/07/29 7:56 p.m. | 3 views

GHSA-4VQ8-7JFC-9CVP Moby firewalld reload removes bridge network isolation

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker, or Docker...

CVSS 3.3 | AI score 7.2 | EPSS 0.00141
Exploits: 0 | References: 6
Patchstack
added 2025/07/28 8:32 p.m. | 5 views

WordPress Memory Usage plugin <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function vulnerability

Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function vulnerability discovered by wesley wcraft in WordPress Plugin WP memory versions <= 3.98...

CVSS 4.3 | AI score 6.8 | EPSS 0.00176
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/07/28 6:42 p.m. | 1 views

CVE-2025-8194 Tarfile infinite loop during parsing with negative member offset

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVSS 7.5 | AI score 6.5 | EPSS 0.00586
Exploits: 0 | References: 11
AlpineLinux
added 2025/07/28 7:2 a.m. | 4 views

CVE-2025-8262

A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...

CVSS 7.5 | AI score 7.3 | EPSS 0.00671
Exploits: 1 | References: 5
CVE
added 2025/07/27 9:2 a.m. | 19 views

CVE-2025-8227

ChanCMS (by yanyutao0402) versions up to 3.1.2 contain a vulnerability in the /collect/getArticle functionality where manipulating the taskUrl parameter leads to deserialization. The issue allows remote execution with no user interaction and is publicly exploitable according to the sources. ChanC...

CVSS 9.8 | AI score 6.5 | EPSS 0.00614
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2025/07/27 8:15 a.m. | 1 views

ALPINE-CVE-2025-8225

A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patc...

CVSS 4.8 | AI score 6.7 | EPSS 0.00223
Exploits: 1 | References: 1
OSV
added 2025/07/27 6:15 a.m. | 1 views

ALPINE-CVE-2025-8224

A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack...

CVSS 5.5 | AI score 6.1 | EPSS 0.00225
Exploits: 1 | References: 1
OSV
added 2025/07/27 6:15 a.m. | 3 views

UBUNTU-CVE-2025-8224

A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack...

CVSS 5.5 | AI score 4.7 | EPSS 0.00225
Exploits: 1 | References: 10
CERT
added 2025/07/27 12:0 a.m. | 16 views

SysTrack LsiAgent.exe contains an improper DLL search order, allowing an attacker to execute arbitrary code and priv esc

Overview: Lakeside Software, an IT digital employee experience platform, offers a product called SysTrack, intended for endpoint observability. This program uses an executable called LsiAgent.exe, which attempts to load various Dynamic Link Library (DLL) files when run. The program does not properly...

CVSS 4.4 | AI score 7 | EPSS 0.00164
Exploits: 0 | References: 1
OSV
added 2025/07/26 4:16 a.m. | 10 views

AZL-65978 CVE-2025-8177 affecting package libtiff for versions less than 4.6.0-8

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It...

CVSS 7.8 | AI score 6 | EPSS 0.00271
Exploits: 1 | References: 1
OSV
added 2025/07/26 4:16 a.m. | 2 views

UBUNTU-CVE-2025-8177

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It...

CVSS 7.8 | AI score 5.5 | EPSS 0.00271
Exploits: 1 | References: 6
Cvelist
added 2025/07/26 3:32 a.m. | 9 views

CVE-2025-8176 LibTIFF tiffmedian.c get_histogram use after free

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the publi...

CVSS 5.3 | EPSS 0.00238
Exploits: 1 | References: 7
Vulnrichment
added 2025/07/26 3:32 a.m. | 2 views

CVE-2025-8176 LibTIFF tiffmedian.c get_histogram use after free

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the publi...

CVSS 5.3 | AI score 5.2 | EPSS 0.00238
Exploits: 1 | References: 7