[SECURITY] Fedora 42 Update: kddockwidgets-1.7.0-27.fc42

Qt dock widget library written by KDAB, suitable for replacing QDockWidget and implementing advanced functionalities missing in Qt...

SUSE CVE-2023-53733

In the Linux kernel, the following vulnerability has been resolved: net: sched: clsu32: Undo tcfbindfilter if u32replacehwknode When u32replacehwknode fails, we need to undo the tcfbindfilter operation done at u32setparms...

CVE-2023-53733 net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode

In the Linux kernel, the following vulnerability has been resolved: net: sched: clsu32: Undo tcfbindfilter if u32replacehwknode When u32replacehwknode fails, we need to undo the tcfbindfilter operation done at u32setparms...

CVE-2025-10749

The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated...

CVE-2025-10749 Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletion

The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated...

CVE-2025-10749 Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletion

The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated...

OSV-2025-855 Use-of-uninitialized-value in AlphaReplace_SSE2

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=454314139 Crash type: Use-of-uninitialized-value Crash state: AlphaReplaceSSE2 WebPReplaceTransparentPixels WebPEncode...

PT-2025-43588

Name of the Vulnerable Software and Affected Versions Microsoft Azure Storage for WordPress plugin for WordPress versions up to and including 4.5.1 Description The software is susceptible to unauthorized arbitrary media deletion. This is a result of missing capability checks on the...

WordPress Find And Replace content plugin cross-site scripting vulnerability

WordPress Find And Replace content plugin is a plugin used to batch find and replace the specified text in the website content, mainly used to solve the problem of batch modification in the website content update demand. A cross-site scripting vulnerability exists in the WordPress Find And Replac...

CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting

The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...

WordPress Find And Replace content for WordPress plugin <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability

Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ifoundbug in WordPress Plugin Find And Replace content for WordPress versions = 1.1...

CVE-2025-9496

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's filemodified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2025-33820

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's filemodified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-9496

CVE-2025-9496 affects the Enable Media Replace WordPress plugin (up to version 4.1.6). Root cause: stored XSS via the file_modified shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Impact: authenticated attackers withContributor+ access can inject ...

CVE-2025-9496 Enable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's filemodified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-9496 Enable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's filemodified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Enable Media Replace 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-41646

Name of the Vulnerable Software and Affected Versions Enable Media Replace plugin for WordPress versions up to and including 4.1.6 Description The software is susceptible to Stored Cross-Site Scripting through the file modified shortcode. Insufficient input sanitization and output escaping on...

WordPress Enable Media Replace plugin <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via filemodified Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Enable Media Replace versions = 4.1.6...

kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c

A flaw was discovered in processing setsockopt IPTSOSETREPLACE or IP6TSOSETREPLACE for 32 bit processes on 64 bit systems. This flaw will allow local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leverage...