CVE-2025-5642
A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather...
UBUNTU-CVE-2025-5643
A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The...
CVE-2025-5643
Radare2 5.9.9 is affected by CVE-2025-5643 through the cons_stack_load function in libr/cons/cons.c. The vulnerability arises from manipulating the -T argument, causing memory corruption. Exploitation is local with high attack complexity; exploits have been disclosed but the real existence is dou...
CVE-2025-5683
When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1...
WordPress Booking Ultra Pro plugin <= 1.1.20 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Booking Ultra Pro versions <= 1.1.20...
WordPress WP Page Loading plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin WP Page Loading versions <= 1.0.6...
WordPress Frontend Dashboard plugin <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Frontend Dashboard versions <= 2.2.8...
WordPress HT Team Member plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin HT Team Member versions <= 1.1.7...
WordPress Search with Typesense plugin <= 2.0.10 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Search with Typesense versions <= 2.0.10...
WordPress Profile Builder plugin <= 3.13.8 - Content Spoofing Vulnerability
Content Spoofing Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Profile Builder versions <= 3.13.8...
WordPress WP Maintenance Mode & Site Under Construction plugin <= 4.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Skalucy in WordPress Plugin WP Maintenance Mode & Site Under Construction versions <= 4.3...
WordPress RTMKit Addons for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Prissy in WordPress Plugin RTMKit versions <= 1.6.0...
CVE-2025-49007 ReDoS Vulnerability in Rack::Multipart handle_mime_head
Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can caus...
CVE-2025-49007
Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can caus...
CVE-2025-31482
FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue...
CVE-2025-31136
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing tags...
CVE-2025-48888 Deno run with --allow-read and --deny-read flags results in allowed
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...
WordPress WP User Frontend Pro plugin <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin WP User Frontend Pro versions <= 4.1.3...
WordPress MultiVendorX plugin <= 4.2.22 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by LVT-tholv2k in WordPress Plugin MultiVendorX versions <= 4.2.22...
CVE-2025-5569 IdeaCMS getList.html Goods sql injection
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to SQL injection. The attack may be initiated remotely. Upgrading to version 1.8 is...