
5093 matches found

Patchstack
added 2025/08/20 9:19 a.m. | 3 views

WordPress LifePress plugin <= 2.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by l8BL in WordPress Plugin LifePress versions <= 2.1.3...

CVSS 5.4 | AI score 6.8 | EPSS 0.00071
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/08/20 9:6 a.m. | 8 views

WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Themify Builder versions <= 7.6.7...

CVSS 4.3 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/08/20 9:6 a.m. | 6 views

WordPress Colorbox Lightbox Plugin <= 1.1.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin Colorbox Lightbox versions <= 1.1.5...

CVSS 6.5 | AI score 6 | EPSS 0.00051
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/08/20 9:4 a.m. | 8 views

WordPress Templately Plugin <= 3.2.7 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by ch4r0n Patchstack Alliance in WordPress Plugin Templately versions <= 3.2.7...

CVSS 4.9 | AI score 6.6 | EPSS 0.00114
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2025/08/20 12:0 a.m. | 7 views

PT-2025-34149

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions =9.4.57; Eclipse Jetty versions =10.0.25; Eclipse Jetty versions =11.0.25; Eclipse Jetty versions =12.0.21; Eclipse Jetty version 12.1.0.alpha2. Description: An HTTP/2 client can trigger the server to send RST_STREAM frames ...

CVSS 7.8 | AI score 6.8 | EPSS 0.00573
Exploits: 0 | References: 76
Patchstack
added 2025/08/20 12:0 a.m. | 4 views

WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: JobZilla - Job Board WordPress Theme; Type: Theme; Vulnerable versions: <= 2.0; Fixed in: 2.0.1; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-49382; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: 33cb80ce3eab; Credi...

CVSS 8.8 | AI score 6.6 | EPSS 0.00031
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2025/08/20 12:0 a.m. | 4 views

SUSE SLES15 Security Update : kernel (Live Patch 36 for SLE 15 SP4) (SUSE-SU-2025:02897-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02897-1 advisory. This update for the Linux Kernel 5.14.21-15040024150 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID:...

CVSS 7.8 | AI score 7.2 | EPSS 0.00088
Exploits: 0 | References: 17
Tenable Nessus
added 2025/08/20 12:0 a.m. | 2 views

SUSE SLES15 Security Update : kernel RT (Live Patch 11 for SLE 15 SP6) (SUSE-SU-2025:02871-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02871-1 advisory. This update for the Linux Kernel 6.4.0-1506001039 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core:...

CVSS 7.8 | AI score 7.4 | EPSS 0.00088
Exploits: 0 | References: 10
Patchstack
added 2025/08/19 11:36 p.m. | 5 views

WordPress Redirection for Contact Form 7 plugin <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability

Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Redirection for Contact Form 7 versions <= 3.2.4...

CVSS 7.5 | AI score 7.2 | EPSS 0.01211
Exploits: 0 | References: 1 | Affected Software: 1
UbuntuCve
added 2025/08/19 8:15 p.m. | 1 views

CVE-2025-9165

A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is...

CVSS 2.5 | AI score 5.7 | EPSS 0.00044
Exploits: 1 | References: 7
NVD
added 2025/08/19 5:15 p.m. | 4 views

CVE-2025-38568

In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing. TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stac...

CVSS 7.8 | EPSS 0.00024
Exploits: 0 | References: 5
Debian CVE
added 2025/08/19 5:2 p.m. | 3 views

CVE-2025-38568

In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing. TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stac...

CVSS 7.8 | AI score 6.1 | EPSS 0.00024
Exploits: 0
SUSE Linux
added 2025/08/19 1:4 p.m. | 2 views

Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059201 fixes several issues. The following security issues were fixed: CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350). CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)...

CVSS 8.5 | AI score 8 | EPSS 0.00088
Exploits: 0 | References: 20
Patchstack
added 2025/08/19 12:15 p.m. | 20 views

WordPress Funnel Builder by FunnelKit Plugin <= 3.11.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.11.1...

CVSS 7.5 | AI score 6.7 | EPSS 0.00144
Exploits: 0 | Affected Software: 1
SUSE Linux
added 2025/08/19 9:34 a.m. | 4 views

Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-15050055100 fixes several issues. The following security issues were fixed: CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350). CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)...

CVSS 8.5 | AI score 8.9 | EPSS 0.00088
Exploits: 0 | References: 18
Patchstack
added 2025/08/19 4:15 a.m. | 12 views

WordPress Markup Markdown plugin <= 3.20.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by JeonKim in WordPress Plugin Markup Markdown versions <= 3.20.6...

CVSS 6.5 | AI score 5.9 | EPSS 0.00051
Exploits: 0 | Affected Software: 1
OSV
added 2025/08/19 4:3 a.m. | 1 views

SUSE-SU-2025:02873-1 Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-15070073 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351). -...

CVSS 7.8 | AI score 8.4 | EPSS 0.00088
Exploits: 0 | References: 10
OSV
added 2025/08/19 1:33 a.m. | 1 views

SUSE-SU-2025:02860-1 Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024144 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)...

CVSS 7.8 | AI score 8.6 | EPSS 0.00088
Exploits: 0 | References: 12
Tenable Nessus
added 2025/08/19 12:0 a.m. | 2 views

SUSE SLES15 Security Update : kernel (Live Patch 58 for SLE 15 SP3) (SUSE-SU-2025:02832-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02832-1 advisory. This update for the Linux Kernel 5.3.18-15030059207 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: cor...

CVSS 7.8 | AI score 7.2 | EPSS 0.00088
Exploits: 0 | References: 16
Patchstack
added 2025/08/18 9:48 p.m. | 6 views

WordPress FunnelKit Automations plugin <= 3.6.3 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin FunnelKit Automations versions <= 3.6.3...

CVSS 8.8 | AI score 6.7 | EPSS 0.00111
Exploits: 0 | References: 1 | Affected Software: 1