8338 matches found
CVE-2025-0951
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...
CVE-2025-0951 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...
CVE-2025-0951
Summary of CVE-2025-0951 (LiquidThemes for WordPress): The issue arises from a missing capability check in the liquid_reset_wordpress_before AJAX path across LiquidThemes plugins/themes, enabling authenticated attackers with Subscriber-level access and above to deactivate all plugins. The root ca...
CVE-2025-0951 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...
PT-2025-35076
Name of the Vulnerable Software and Affected Versions: bPlugins B Slider versions through 1.1.30 Description: The software contains a missing authorization issue that allows exploiting incorrectly configured access control security levels. Recommendations: At the moment, there is no information...
Ubuntu: Security Advisory (USN-7717-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mattermost Server 9.11.x < 9.11.18 / 10.5.x < 10.5.9 / 10.8.x < 10.8.4 / 10.9.x < 10.9.2 / 10.10.0 (MMSA-2025-00500)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00500 advisory. - Mattermost versions 10.9.x = 10.9.1, 10.8.x = 10.8.3, 10.5.x = 10.5.9, 9.11.x = 9.11.18 fail to properly validate file paths during plugin import operation...
Ubuntu: Security Advisory (USN-7716-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress Hub theme <= 5.0.7 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability
Missing Authorization to Authenticated Subscriber+ All Plugins Deactivated vulnerability discovered by Lucio Sá in WordPress Theme Hub versions = 1.2.12...
MAL-2025-41441 Malicious code in @nx/node (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2af988f9c4fc2229b1c898c346bb959612eb11fe9a5065e686c47328bee221e0 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...
CVE-2025-58202
Cross-Site Request Forgery CSRF vulnerability in Plugins and Snippets Simple Page Access Restriction simple-page-access-restriction allows Cross Site Request Forgery.This issue affects Simple Page Access Restriction: from n/a through = 1.0.32...
CVE-2025-58202
CVE-2025-58202 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Simple Page Access Restriction , affecting versions up to and including 1.0.32 . The CVE notes a CSRF flaw that could allow unauthorized actions on behalf of authenticated users; the published CVSS ...
@alauda-fe/create-alauda-mfe-plugin (>=0.0.1 <=0.0.2), @apj-pace/pace-nx-plugin (>=0.0.2 <=0.0.5) +75 more potentially affected by CVE-2025-10894 via nx (>=20.0.0-beta.0 <=20.0.9)
nx NPM version =20.0.0-beta.0, =0.0.1, =0.0.2, =0.0.0, =0.5.0, =0.0.1, =0.0.25, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-canary.20240926-529ab94 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NX-12205542...
@10xsai/cloudflare-router-nx-plugin (=1.0.0), @akanjs/config (>=0.0.4 <=0.0.34) +177 more potentially affected by CVE-2025-10894 via @nx/workspace (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)
@nx/workspace NPM version =20.0.0-beta.0, =0.0.4, =0.0.47, =0.0.1, =0.0.2, =0.0.4, =0.0.9, =0.0.0, =1.0.0, =1.0.0, =0.5.0, =0.4.1, =0.4.6 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXWORKSPACE-12205641...
PT-2025-39354
Name of the Vulnerable Software and Affected Versions Nx affected versions not specified Description A malicious code insertion occurred within the Nx build system package and associated plugins, distributed through the npm software registry as part of a supply-chain attack. The compromised...
TencentOS Server 4: gstreamer1-plugins-good (TSSA-2025:0705)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0705 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : GStreamer Good Plugins vulnerabilities (USN-7717-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7717-1 advisory. Shaun Mirani discovered that GStreamer Good Plugins incorrectly handled certain malformed media files. An attacker could use these...
Linux Distros Unpatched Vulnerability : CVE-2019-13351
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 as distributed with alsa-plugins 1.1.7 and later has a double file descriptor close issue during a...
USN-7717-1: GStreamer Good Plugins vulnerabilities
Shaun Mirani discovered that GStreamer Good Plugins incorrectly handled certain malformed media files. An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly disclose sensitive information...
USN-7717-1 gst-plugins-good1.0 vulnerabilities
Shaun Mirani discovered that GStreamer Good Plugins incorrectly handled certain malformed media files. An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly disclose sensitive information...