4580 matches found
OESA-2025-1430 xz security update
XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils. Security Fixes: XZ Utils provide a general-purpose data-compression library...
PT-2025-17304 · Jmbroadcast · Jmbroadcast Jmb0150 Firmware
Name of the Vulnerable Software and Affected Versions: JMBroadcast JMB0150 Firmware version 1.0 Description: The issue is related to incorrect access control in the "HOME.php" endpoint, allowing attackers to access the Admin panel without authentication. Recommendations: For JMBroadcast JMB0150...
CVE-2025-32780
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\AppData\Local\Microsoft\WindowsApps, an attacker can execute...
WordPress JetElements For Elementor plugin <= 2.7.4.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin JetElements For Elementor versions <= 2.7.4.1...
WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin Cloak Front End Email versions <= 1.9.5...
WordPress WP Logger plugin <= 2.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WP Logger versions <= 2.2...
WordPress Docket Cache plugin <= 24.07.02 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Docket Cache versions <= 24.07.02...
WordPress FluentBoards plugin <= 1.47 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin FluentBoards versions <= 1.47...
WordPress Debug Log Manager plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Martino Spagnuolo in WordPress Plugin Debug Log Manager versions <= 2.3.4...
CVE-2025-3730 PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...
WordPress Bring Fraktguiden for WooCommerce plugin <= 1.11.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Bring Fraktguiden for WooCommerce versions <= 1.11.4...
WordPress Drag and Drop Multiple File Upload for WooCommerce plugin <= 1.1.4 - Unauthenticated Arbitrary File Move vulnerability
Unauthenticated Arbitrary File Move vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Drag and Drop Multiple File Upload for WooCommerce versions <= 1.1.4...
CVE-2024-53259 affecting package coredns for versions less than 1.11.4-1
CVE-2024-53259 affecting package coredns for versions less than 1.11.4-1. A patched version of the package is available...
WordPress Most And Least Read Posts Widget plugin <= 2.5.20 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Most And Least Read Posts Widget versions <= 2.5.20...
WordPress WPCasa plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin WPCasa versions <= 1.3.2...
WordPress Themify Shortcodes plugin <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Peter Thaleikis in WordPress Plugin Themify Shortcodes versions <= 2.1.3...
WordPress WP Subscription Forms plugin <= 1.2.3 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Subscription Forms versions <= 1.2.3...
WordPress Subscribe to Unlock Lite plugin <= 1.3.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Subscribe to Unlock Lite versions <= 1.3.0...
CVE-2025-32012 Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing
Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same...
WordPress Giveaways and Contests by RafflePress plugin < 1.12.17 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Giveaways and Contests by RafflePress versions < 1.12.17...