28891 matches found

Vulnrichment
added 2025/04/08 5:33 a.m. | 7 views

CVE-2024-47261

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device...

4.3 CVSS | 7.1 AI score | 0.00162 EPSS
Exploits: 0 | References: 1
Fedora
added 2025/04/08 1:29 a.m. | 5 views

[SECURITY] Fedora 41 Update: perl-Data-Entropy-0.008-1.fc41

This module maintains a concept of a current selection of entropy source. Algorithms that require entropy, such as those in Data::Entropy::Algorithms, can use the source nominated by this module, avoiding the need for entropy source objects to be explicitly passed around. This is convenient becau...

7.7 CVSS | 6.5 AI score | 0.00083 EPSS
Exploits: 0
CNNVD
added 2025/04/08 12:0 a.m. | 2 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Apr-2025 Release 1 prior to Release 1, which stems from improper handling of privileges...

4 CVSS | 6.2 AI score | 0.0009 EPSS
Exploits: 0 | References: 2
OSV
added 2025/04/07 8:15 p.m. | 3 views

AZL-61765 CVE-2025-29481 affecting package pcp 6.3.2-1

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under...

6.2 CVSS | 7.6 AI score | 0.0012 EPSS
Exploits: 1 | References: 1
RedHat Linux
added 2025/04/07 8:42 a.m. | 4 views

gimp: PSD buffer overflow RCE

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...

7.8 CVSS | 6 AI score | 0.58322 EPSS
Exploits: 0 | References: 6
Openbugbounty
added 2025/04/07 7:13 a.m. | 2 views

crocfilm.club Cross Site Scripting vulnerability OBB-4042491

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Openbugbounty
added 2025/04/06 8:54 a.m. | 7 views

automatismes.net Cross Site Scripting vulnerability OBB-4042407

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Cvelist
added 2025/04/04 3:58 p.m. | 9 views

CVE-2025-32141 WordPress MasterStudy LMS plugin <= 3.5.28 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows PHP Local File Inclusion. This issue affects MasterStudy LMS: from n/a through <= 3.5.28...

8.8 CVSS | 0.01601 EPSS
Exploits: 0 | References: 1
CVE
added 2025/04/04 1:26 p.m. | 63 views

CVE-2025-31405

CVE-2025-31405 is a PHP Local File Inclusion/Remote File Inclusion issue affecting the WordPress plugin Fami WooCommerce Compare. Affected versions are listed as from n/a through 1.0.5. Root cause per the CVE description: improper control of filename for include/require statements in PHP, enabli...

7.5 CVSS | 7.2 AI score | 0.01063 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/04/04 12:0 a.m. | 3 views

Tenda W18E security vulnerability

The Tenda W18E is a wireless router from the Chinese company Tenda. The Tenda W18E suffers from a stack buffer overflow vulnerability that originates from a stack buffer overflow in the formSetAccountList function's handling of the parameter Password. An attacker could exploit this vulnerability ...

5.3 CVSS | 5.2 AI score | 0.00344 EPSS
Exploits: 0 | References: 5
Openbugbounty
added 2025/04/03 8:13 p.m. | 1 views

service.fhl.net Cross Site Scripting vulnerability OBB-4042205

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Openbugbounty
added 2025/04/03 7:55 p.m. | 2 views

woman.forumdaily.com Cross Site Scripting vulnerability OBB-4042108

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Wordfence Blog
added 2025/04/03 5:22 p.m. | 21 views

50,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Uncanny Automator WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

8.8 CVSS | 9.3 AI score | 0.09676 EPSS
Exploits: 0
Wordfence Blog
added 2025/04/03 3:20 p.m. | 55 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 24, 2025 to March 30, 2025)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

9.9 CVSS | 10 AI score | 0.87682 EPSS
Exploits: 37
Openbugbounty
added 2025/04/03 8:1 a.m. | 1 views

burlesque-fashion.de Cross Site Scripting vulnerability OBB-4041939

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Github Security Blog
added 2025/04/02 10:35 p.m. | 34 views

Next.js may leak x-middleware-subrequest-id to external hosts

Summary In the process of remediating CVE-2025-29927, we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers. Learn more here. Credit Thank you to Jinseo Kim kjsman and RyotaK GMO Flat...

6.3 CVSS | 6.9 AI score | 0.00234 EPSS
Exploits: 55 | References: 4 | Affected Software: 1
Openbugbounty
added 2025/04/02 10:14 p.m. | 5 views

zardauspuff.de Cross Site Scripting vulnerability OBB-4041893

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Openbugbounty
added 2025/04/02 3:26 p.m. | 1 views

defence-and-security.com Cross Site Scripting vulnerability OBB-4041863

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Openbugbounty
added 2025/04/01 6:45 p.m. | 1 views

slideteam.net Cross Site Scripting vulnerability OBB-4041756

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
OSV
added 2025/04/01 4:15 p.m. | 2 views

AZL-59934 CVE-2025-21922 affecting package kernel for versions less than 6.6.85.1-2

In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf Syzbot caught an "KMSAN: uninit-value" warning 1, which is caused by the ppp driver not initializing a 2-byte header when using socket filter. The following code can generate a PPP...

5.5 CVSS | 6.3 AI score | 0.00016 EPSS
Exploits: 0 | References: 1