CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6

CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6. A patched version of the package is available...

CVE-2025-53923

Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keywor...

CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality

Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter...

WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin YaySMTP versions = 1.3...

WordPress Cost Calculator plugin <= 7.4 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Cost Calculator versions = 7.4...

WordPress Animator plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Animator versions = 3.0.16...

WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Newsletters versions = 4.10...

WordPress Widget for Google Reviews <= 1.0.15 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Widget for Google Reviews versions = 1.0.15...

CVE-2025-49836 GHSL-2025-048: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py changelabel function. pathlist takes user input, which is passed to the changelabel function, which concatenates the user input into a command...

CVE-2025-49828

CVE-2025-49828 affects CyberArk Conjur: Conjur OSS versions 1.19.5–1.21.1 and Secrets Manager, Self-Hosted 13.1–13.4.1 are vulnerable to remote code execution via an exposed API endpoint. An authenticated attacker who can inject secrets or templates into the Secrets Manager database could cause a...

CVE-2025-53622

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

SUSE CVE-2025-7464

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...

SUSE CVE-2025-7545

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysection of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...

CVE-2025-53822 WeGIA vulnerable to Reflected Cross-Site Scripting in endpoint 'relatorio_geracao.php' parameter 'tipo_relatorio'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the relatoriogeracao.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to...

WordPress Modern Events Calendar Lite plugin <= 6.3.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by WordFence in WordPress Plugin Modern Events Calendar Lite versions = 6.3.0...

CVE-2025-7462

A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdfferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer...

UBUNTU-CVE-2025-7546

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...

CVE-2025-7545

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysection of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...

CVE-2025-53633

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...

UBUNTU-CVE-2025-7464

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...