CVE-2023-7197
CVE-2023-7197 affects Marketing Twitter Bot WordPress plugin (
CVE-2023-7195
CVE-2023-7195 affects the WP-Reply Notify WordPress plugin (v
CVE-2023-7088
CVE-2023-7088 affects the WordPress plugin Add SVG Support for Media Uploader (inventivo) up to version 1.0.5. The issue is that uploaded SVGs are not sanitized, allowing stored XSS via SVGs and enabling impact for users with as little as Author privileges. Publicly provided connected documents c...
CVE-2023-6783
CVE-2023-6783 concerns the WolfNet IDX for WordPress plugin (
CVE-2023-6541
The CVE-2023-6541 entry concerns the WordPress Allow SVG plugin prior to 1.2.0, where uploaded SVGs are not sanitized, enabling stored XSS via SVG payloads uploaded by users with as little as Author privileges. Impact is cross-site scripting with low to moderate severity per sources; remediation:...
CVE-2023-5932
The CVE-2023-5932 issue concerns the WordPress plugin Travelpayouts: All Travel Brands in One Place, affected in versions prior to 1.1.14. The root cause is that a parameter is not properly sanitized/escaped before being echoed back in the page, enabling a Reflected Cross-Site Scripting (XSS) att...
CVE-2023-5529
Affected software: Advanced Page Visit Counter WordPress plugin, prior to version 8.0.6. Root cause: plugin does not sanitise/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Impact: admin-level Stored X...
NetScaler shows an error stating "String length exceeds maximum [passplain, 31]"
When trying to update an existing certificate file with a new certificate file, upon clicking 'Ok', you see the following error appear: "String length exceeds maximum passplain, 31". The attempt to save the changes made fails because of the error which appears...
Alibaba Cloud Linux 3 : 0030: gzip (ALINUX3-SA-2022:0030)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0030 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-1271: RESERVED This candidate has been...
Alibaba Cloud Linux 3 : 0174: libksba (ALINUX3-SA-2022:0174)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0174 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-3515: RESERVED This candidate has been...
Alibaba Cloud Linux 3 : 0032: java-11-openjdk (ALINUX3-SA-2021:0032)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0032 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-2163: RESERVED This candidate has been...
Flask uses fallback key instead of current signing key
In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can be passed, and it expects the last (top) key in the list to be the most...
2402 LTSR target device stuck initializing while checking the status of Hybrid joined machines
...
CVE-2025-4382
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
CVE-2025-37875 igc: fix PTM cycle trigger logic
In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic. Writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. To fix this, clear the PTM 'trigger' and status after each PTM transaction. The...
PT-2025-20487 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been identified, related to the SMB client. The issue arises from an imbalance in the netns reference count, leading to potential leaks and...
Security Tools Alone Don't Protect You — Control Effectiveness Does
61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration...
CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap. Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 (size 32): backtrace (crc 0): pcpu_alloc_noprof+0x730/0xeb0 bpf_map_alloc_percpu+0x69/0xc0...
PT-2025-20420 · Totolink · Totolink A950Rg
Name of the Vulnerable Software and Affected Versions: TOTOlink A950RG version 4.1.2cu.5204_B20210112. Description: The issue arises from improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of the /lib/cste_modules/system.so module. This leads to a buffer overflow...
CVE-2025-26842
An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog...