8338 matches found
RLSA-2025:7894 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 For more details about the security issues, including the impact, ...
CVE-2025-6730
CVE-2025-6730 : Bonanza – WooCommerce Free Gifts Lite (WordPress) up to version 1.0.0 is vulnerable to unauthorized data modification due to a missing capability check in xlo_optin_call(). Authenticated users with Subscriber level access and above can set the opt-in status to success. Impact is l...
macOS Sploitlight Flaw Exposes Apple Intelligence-Cached Data to Attackers
macOS flaw dubbed Sploitlight allows attackers to access Apple Intelligence-cached data by abusing Spotlight plugins, bypassing privacy controls...
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability
Microsoft Threat Intelligence has discovered a macOS vulnerability that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control TCC, such as files in the Downloads folder, as well as caches utilized by Apple Intelligence. While similar to prio...
Sitadel
This is a web application security scanner called Sitadel, which is an update for WAScan making it compatible for Python = 3.4. It allows more flexibility for users to write new modules and implement new features, such as frontend framework detection, content delivery network detection, and plugi...
CVE-2025-8104 Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function
The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemoryinstallplugin function. This makes it possible for unauthenticated attackers to silently install one of the several...
MAL-2025-6250 Malicious code in @grafanacloud/plugins-platform-backend (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis eb7ac91dd5a55c67e31e4875b9f32f5a8778e2d25e69dc79e81d418356990fa8 The OpenSSF Package Analysis project identified...
Security update for gstreamer-plugins-bad (important)
openSUSE Security Update: Security update for gstreamer-plugins-bad Announcement ID: openSUSE-SU-2025:0229-1 Rating: important References: 1242809 Cross-References: CVE-2025-3887 CVSS scores: CVE-2025-3887 SUSE: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products...
SUSE-SU-2025:20507-1 Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403 - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404 - CVE-2025-47806: Fixed Stack buffer overflow in SubRip...
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403 CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404 CVE-2025-47806: Fixed Stack buffer overflow in SubRip subtit...
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access
Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins aka mu-plugins are special plugins that are automatically activate...
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404. CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. CVE-2025-47806: Fixed stack buffer overflow in SubRip...
SUSE-SU-2025:02472-1 Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404. - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. - CVE-2025-47806: Fixed stack buffer overflow in SubRi...
DB-GPT 命令注入漏洞
DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.7.0, which stems from a file upload vulnerability in agent.hub.controller.refreshplugins that could lead to the execution of arbitrary...
CVE-2025-7696
The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verifyfieldval function. This makes it possible for...
CVE-2025-7697 Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function
The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verifyfieldval function. This makes it possible for...
CVE-2025-7696 Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function
The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verifyfieldval function. This makes it possible for...
CVE-2025-54039
Cross-Site Request Forgery CSRF vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery.This issue affects Animator: from n/a through = 3.0.16...
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: CVE-2025-47183: Fixed out-of-bounds read in MOV/MP4 demuxer bsc1244406. CVE-2025-47219: Fixed out-of-bounds read in MOV/MP4 demuxer bsc1244405. CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer bsc1234421...
SUSE-SU-2025:02347-1 Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: - CVE-2025-47183: Fixed out-of-bounds read in MOV/MP4 demuxer bsc1244406. - CVE-2025-47219: Fixed out-of-bounds read in MOV/MP4 demuxer bsc1244405. - CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer...