CVE-2025-54370

CVE-2025-54370 affects PhpSpreadsheet. The SSRF vulnerability resides in PhpOffice\PhpSpreadsheet\Worksheet\Drawing::setPath, where a user-supplied string read by the HTML reader can cause server-side requests. Affected versions include prior to 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0; patches a...

CVE-2025-54370 PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

CVE-2025-54370 PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

Vulnerabilities fixed in Foxit Reader

Foxit has fixed vulnerabilities in Foxit Reader Specific to version 2025.1.0.27937. The vulnerabilities are in the way Foxit Reader handles PDF files. Malicious parties can exploit these vulnerabilities by tricking users into opening a malicious PDF file or visiting a malicious website, which can...

SUSE-SU-2025:02968-1 Security update for libqt4

This update for libqt4 fixes the following issues: - CVE-2021-45930: Fixed out-of-bounds write leading to DoS bsc1196654 - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont munitsPerEm bsc1211298 - CVE-2023-32763: Fixed buffer overflow on QTextLayout during rendering of an SVG file...

Security update for libqt4

This update for libqt4 fixes the following issues: CVE-2021-45930: Fixed out-of-bounds write leading to DoS bsc1196654 CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont munitsPerEm bsc1211298 CVE-2023-32763: Fixed buffer overflow on QTextLayout during rendering of an SVG file with an...

CVE-2025-7842

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

Foxit Reader Multiple Vulnerabilities (Aug 2025) - Windows

Foxit Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foxitsoftware:reader";...

Linux Distros Unpatched Vulnerability : CVE-2019-10879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote...

Foxit PDF Reader Buffer Overflow Vulnerability

oxit PDF Reader is China Foxit Foxit company a PDF reader. Foxit PDF Reader suffers from a buffer overflow vulnerability that originates from out-of-bounds reads when parsing PRC files without validating user input, which could lead to remote code execution. A remote attacker can exploit this...

PT-2025-34665 · Run Llama · Llama Index

Name of the Vulnerable Software and Affected Versions: run-llama/llama index versions prior to 0.12.38 Description: A denial of service issue exists in the JSONReader component. The issue is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting i...

Linux Distros Unpatched Vulnerability : CVE-2016-10187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. CVE-2016-10187 Note that Nessu...

Linux Distros Unpatched Vulnerability : CVE-2006-4484

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the LWZReadByte function in ext/gd/libgd/gdgifin.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact...

CVE-2025-7842

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

CVE-2025-7842

CVE-2025-7842 – Silencesoft RSS Reader (WordPress)

CVE-2025-7842 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

WordPress plugin Silencesoft RSS Reader 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

PT-2025-34513 · WordPress · Silencesoft Rss Reader

Name of the Vulnerable Software and Affected Versions: Silencesoft RSS Reader plugin for WordPress versions prior to 0.7 Description: The Silencesoft RSS Reader plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the sil rss edit page...

WordPress Silencesoft RSS Reader plugin <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion vulnerability

Cross-Site Request Forgery to RSS Feed Deletion vulnerability discovered by Nabil Irawan in WordPress Plugin Silencesoft RSS Reader versions = 0.6...

CVE-2010-20010

Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler SEH chain, and lead to arbitrary code execution in t...