WordPress Survey Maker plugin <= 5.1.9.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Survey Maker versions = 5.1.9.4...

WordPress WP Plugin Manager plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Mika in WordPress Plugin WP Plugin Manager versions = 1.4.7...

WordPress WP Headless CMS Framework plugin <= 1.15 - Unauthenticated Protection Mechanism Bypass vulnerability

Unauthenticated Protection Mechanism Bypass vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WP Headless CMS Framework versions = 1.15...

CVE-2025-63929

A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 2019-07-08. When multiple threads enqueue elements concurrently via IEC10XPrioEnQueue, the function may dereference a null or freed queue pointer, resulting in a segmentation fault and potential...

CVE-2025-63929

A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 2019-07-08. When multiple threads enqueue elements concurrently via IEC10XPrioEnQueue, the function may dereference a null or freed queue pointer, resulting in a segmentation fault and potential...

CVE-2025-63929

A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 2019-07-08. When multiple threads enqueue elements concurrently via IEC10XPrioEnQueue, the function may dereference a null or freed queue pointer, resulting in a segmentation fault and potential...

CVE-2025-32449

Unquoted search path for some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may...

WordPress Geopost plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Geopost versions = 1.2...

WordPress Add Multiple Marker plugin <= 1.2 - Missing Authorization to Unauthenticated Settings Update vulnerability

Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Bhayanak Atma in WordPress Plugin Add Multiple Marker versions = 1.2...

WordPress Holiday class post calendar plugin <= 7.1 - Unauthenticated Remote Code Execution via 'contents' vulnerability

Unauthenticated Remote Code Execution via 'contents' vulnerability discovered by kr0d in WordPress Plugin Holiday class post calendar versions = 7.1...

WordPress Fleet Manager plugin <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Fleet Manager versions = 2.5.1...

WordPress Live Photos on WordPress plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Live Photos on WordPress versions = 0.1...

WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability

Unauthenticated Arbitrary File Upload via 'copypostimage' vulnerability discovered by Talal Nasraddeen in WordPress Plugin Gravity Forms versions = 2.9.20...

WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability

WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated Subscriber+ Account Takeover/Privilege Escalation via idonatedonorpassword Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.1.5-2.1.9...

drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV

...

WordPress KiotViet Sync plugin <= 1.8.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions = 1.8.5...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988797)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988797 advisory. In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctlipfwdupdatepriority. While reading sysctlipfwdupdatepriority, it...

WordPress Top Bar Notification plugin <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Top Bar Notification versions = 1.12...

WordPress Doccure Core plugin < 1.5.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Doccure Core versions 1.5.4...

WordPress Tablesome plugin <= 1.1.32 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Talal Nasraddeen in WordPress Plugin Tablesome versions = 1.1.32...