CVE-2025-39396 WordPress JetReviews plugin <= 2.3.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through = 2.3.6...

CVE-2025-4948

A flaw was found in the soupmultipartnewfrommessage function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal...

CVE-2025-47758

V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6File!CTxSubFile::getProgramFilename function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution...

libsoup 数字错误漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A numeric error vulnerability exists in libsoup that stems from an integer overflow when processing specially crafted multipart messages, which could cause the program to crash...

Fuji Electric V-SFT 安全漏洞

Fuji Electric V-SFT is a screen configuration software from Fuji Electric Japan. Fuji Electric V-SFT suffers from a buffer overflow vulnerability that originates from the CTxSubFile::getProgramFilename function in VS6File that fails to correctly validate the length and size of input data, which c...

Scaling an ISO Compliance Practice: Strategic Insights from Building a \$1m+ Cybersecurity Certification Line

The rapid exponential growth in cloud-first business models and tightened global data protection regulations have led to the exponential increase in the level of importance of ISO certifications, especially ISO/IEC 27001, 27017, and 27018, as strategic imperative propositions for organizations...

Next.js Race Condition to Cache Poisoning

Summary We received a responsible disclosure from Allam Rachid zhero for a low-severity race-condition vulnerability in Next.js. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Learn more here...

CVE-2025-43010

SAP S/4HANA Cloud Private Edition or on Premise SCM Master Data Layer MDL allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation an...

50,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Uncanny Automator WordPress Plugin

In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On April 26th, 2024, we received a submission for an authenticated PHP...

SUSE CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

SAP S/4HANA Cloud Private 代码注入漏洞

SAP S/4HANA Cloud Private is a private cloud-deployed, enterprise-grade, intelligent ERP suite based on in-memory computing architecture from SAP, Germany. A code injection vulnerability exists in SAP S/4HANA Cloud Private, which stems from a lack of input validation and authorization checking an...

Cryptography without Long-Term Quantum Memory and Global Entanglement: Classical Setups for One-Time Programs, Copy Protection, and Stateful Obfuscation

We show how oracles which only allow for classical query access can be used to construct a variety of quantum cryptographic primitives which do not require long-term quantum memory or global entanglement. Specifically, if a quantum party can execute a semi-quantum token scheme Shmueli 2022 with...

Tenda W18E Stack Buffer Overflow Vulnerability

The Tenda W18E is a wireless router from the Chinese company Tenda. The Tenda W18E suffers from a stack buffer overflow vulnerability that originates from a stack buffer overflow in the formSetAccountList function's handling of the parameter Password. An attacker could exploit this vulnerability ...

📄 RDPGuard 9.9.9 Privilege Escalation

RDPGuard version 9.9.9 suffers from a privilege escalation vulnerability. Exploit Title: RDPGuard 9.9.9 - Privilege Escalation SYSTEM Discovered by: Ahmet Ümit BAYRAM Discovered Date: 09.05.2025 Vendor Homepage: https://rdpguard.com Software Link: https://rdpguard.com/download.aspx Tested Version...

PT-2025-24554

Name of the Vulnerable Software and Affected Versions libarchive affected versions not specified Description A flaw in the libarchive library can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber LZSS window. This can cause the...

MAL-2025-3744 Malicious code in program-admin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 79810d0cd56c8a3266dcbe5827dd3d27eb976b353c7b17940a29dddc602df4f7 Packages that seem to be created by a legit bug bounty hunter. Designed to look like created by different organisations, they contain a couple of data...

Malicious code in program-admin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 79810d0cd56c8a3266dcbe5827dd3d27eb976b353c7b17940a29dddc602df4f7 Packages that seem to be created by a legit bug bounty hunter. Designed to look like created by different organisations, they contain a couple of data...

CVE-2025-47494

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue affects EventON: from n/a through = 2.4.1...

SUSE CVE-2024-58100

In the Linux kernel, the following vulnerability has been resolved: bpf: check changespktdata property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changespktdata property of the...

SUSE CVE-2022-49764

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent bpf program recursion for raw tracepoint probes We got report from sysbot 1 about warnings that were caused by bpf program attached to contentionbegin raw tracepoint triggering the same tracepoint by using...