WordPress Easy Google Maps plugin <= 1.11.18 - XML External Entity vulnerability

XML External Entity vulnerability discovered by minhtuanact in WordPress Plugin Easy Google Maps versions = 1.11.18...

Security Bulletin: There is a vulnerability in netty-handler-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24970)

Summary There is a vulnerability in netty-handler-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in...

CVE-2025-3202 ageerle ruoyi-ai SysNoticeController.java improper authorization

A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Affected is an unknown function of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysNoticeController.java. The manipulation leads to improper authorization. It is possible...

CVE-2025-3199

A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java of the component API Interface. The manipulati...

CVE-2025-3198

A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function displayinfo of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has...

CVE-2025-3198

CVE-2025-3198 affects GNU Binutils 2.43/2.44, specifically the display_info function in binutils/bucomm.c used by objdump. The issue is a memory leak caused by the manipulation within display_info. Exploitation is described as local, with the exploit disclosure publicly available. A patch is iden...

WordPress Product Filter by WBW plugin <= 2.7.9 - Unauthenticated SQL Injection via filtersDataBackend Parameter vulnerability

Unauthenticated SQL Injection via filtersDataBackend Parameter vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Product Filter by WBW versions = 2.7.9...

WordPress Booster for WooCommerce plugin 4.0.1-7.2.4 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by luckybuddy in WordPress Plugin Booster for WooCommerce versions 4.0.1-7.2.4...

Ivanti Connect Secure CVE-2025-22457 exploited in the wild

On Thursday, April 3, 2025, Ivanti disclosed a critical severity vulnerability affecting Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA Gateways. CVE-2025-22457 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the...

CVE-2025-31127 Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call

Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. Thi...

ALPINE-CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

CVE-2025-31115

The CVE-2025-31115 affects XZ Utils’ liblzma multithreaded .xz decoder (lzma_stream_decoder_mt) in versions 5.3.3alpha through 5.8.0. The issue can cause a crash with heap-use-after-free and writes to memory based on a NULL pointer plus an offset, impacting applications/libraries that invoke the ...

CVE-2025-3160

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds rea...

CVE-2025-3160

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds rea...

UBUNTU-CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

CVE-2025-3160 Open Asset Import Library Assimp File SceneCombiner.cpp AddNodeHashes out-of-bounds

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds rea...

CVE-2025-3160 Open Asset Import Library Assimp File SceneCombiner.cpp AddNodeHashes out-of-bounds

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds rea...

UBUNTU-CVE-2025-3159

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buff...

PT-2025-14626 · Unknown · Project Worlds Online Lawyer Management System

Name of the Vulnerable Software and Affected Versions: Project Worlds Online Lawyer Management System version 1.0 Description: A critical issue has been discovered, affecting an unknown functionality of the file /searchLawyer.php. The manipulation of the experience argument leads to SQL injection...

PT-2025-14629 · Fastcms · Fastcms

Name of the Vulnerable Software and Affected Versions: FastCMS version 0.1.5 Description: A critical issue affects the JWT Handler component, where the manipulation leads to the use of a hard-coded cryptographic key. The attack can be initiated remotely, with a rather high complexity, making...