8307 matches found

Positive Technologies · added 2025/01/14 12:00 a.m. · 2 views

PT-2025-3150 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS; TYPO3 versions prior to 12.4.25 LTS; TYPO3 versions prior to 13.4.3 LTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

CVSS 5.4 · AI score 6.8 · EPSS 0.00189
Exploits 0 · References 9
Patchstack · added 2025/01/07 6:54 a.m. · 3 views

WordPress Same but Different – Related Posts by Taxonomy plugin <= 1.0.16 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Same but Different – Related Posts by Taxonomy versions <= 1.0.16...

CVSS 6.1 · AI score 6.3 · EPSS 0.01144
Exploits 0 · References 1 · Affected Software 1
Positive Technologies · added 2025/01/07 12:00 a.m. · 3 views

PT-2025-1645 · WordPress · Same But Different – Related Posts By Taxonomy

Name of the Vulnerable Software and Affected Versions: Same but Different – Related Posts by Taxonomy plugin for WordPress versions up to, and including, 1.0.16. Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without...

CVSS 6.1 · AI score 6.7 · EPSS 0.01144
Exploits 0 · References 5
OSV · added 2025/01/06 4:25 p.m. · 2 views

CVE-2025-21615 AAT allows data exfiltration by other apps installed on the same device

AAT Another Activity Tracker is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device...

CVSS 5.5 · AI score 6.9 · EPSS 0.00103
Exploits 0 · References 3
RedHat Linux · added 2025/01/02 2:52 p.m. · 7 views

requests: subsequent requests to the same host ignore cert verification

An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification...

CVSS 5.6 · AI score 7.1 · EPSS 0.00074
Exploits 0 · References 5
Positive Technologies · added 2025/01/01 12:00 a.m. · 1 views

PT-2025-49858

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 146; Firefox ESR versions prior to 115.31; Firefox ESR versions prior to 140.6. Description: A same-origin policy bypass exists within the Request Handling component. This allows potential circumvention of security...

CVSS 9.8 · AI score 6.6 · EPSS 0.19171
Exploits 2 · References 223
RedHat Linux · added 2024/12/19 2:54 p.m. · 1 views

undertow: information leakage via HTTP/2 request header reuse

REJECTED CVE. A vulnerability has been identified in the Undertow package where the readHpackString method may incorrectly reuse an HTTP request header value from a previous stream for a new request on the same HTTP/2 connection due to improper handling of the stringBuilder field. While this...

AI score 5.7
Exploits 0 · References 5
Snyk · added 2024/12/12 7:22 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the toHTMLEx method. An attacker can execute arbitrary JavaScript code by injecting malicious input. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a...

CVSS 6.8 · AI score 5.4 · EPSS 0.00296
Exploits 0 · References 2
RedHat Linux · added 2024/12/11 4:20 p.m. · 1 views

php: host/secure cookie bypass due to partial CVE-2022-31629 fix

An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser...

CVSS 6.5 · AI score 7.3 · EPSS 0.15416
Exploits 2 · References 5
RedHat Linux · added 2024/12/11 4:19 p.m. · 2 views

php: host/secure cookie bypass due to partial CVE-2022-31629 fix

An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser...

CVSS 6.5 · AI score 7.3 · EPSS 0.15416
Exploits 2 · References 5
Snyk · added 2024/12/06 4:41 p.m. · 11 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the search parameter. An attacker can execute scripts by convincing a user to click a malicious link, and then click the search bar on the target page. Details: Cross-site scripting or XSS is a code...

CVSS 6.1 · AI score 5.4 · EPSS 0.03512
Exploits 2 · References 2
OSV · added 2024/12/02 6:15 p.m. · 2 views

DEBIAN-CVE-2024-53990

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that ha...

CVSS 9.2 · AI score 7.9 · EPSS 0.00441
Exploits 0 · References 1
CNNVD · added 2024/11/11 12:00 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from calling khugepaged, ksm in the wrong context...

CVSS 5.5 · AI score 6.6 · EPSS 0.00035
Exploits 0 · References 3
OSV · added 2024/11/09 11:15 a.m. · 7 views

AZL-53057 CVE-2024-50217 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of block device file in btrfs_free_extra_devids. Mounting btrfs from two images which have the same one fsid and two different dev_uuids in certain executing order may trigger an UAF for variable...

CVSS 7.8 · AI score 5.7 · EPSS 0.00031
Exploits 0 · References 1
Microsoft CVE · added 2024/11/09 8:00 a.m. · 2 views

btrfs: fix race setting file private on concurrent lseek using same fd

...

CVSS 7 · AI score 7.5 · EPSS 0.00016
Exploits 0
BDU FSTEC · added 2024/11/07 12:00 a.m. · 1 views

The vulnerability of the Nested iFrame Handler component in the Firefox web browser arises from an incorrect SameSite attribute in the cookie file. This allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of the Nested iFrame Handler component in the Firefox web browser is related to an incorrect SameSite attribute in the cookie file. Exploiting this vulnerability can allow a remote attacker to access sensitive data, compromise its integrity, and cause service interruptions...

CVSS 10 · AI score 7.8 · EPSS 0.0059
Exploits 0 · References 10 · Affected Software 4
The Hacker News · added 2024/11/06 6:58 a.m. · 11 views

South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers

Meta has been fined 21.62 billion won ($15.67 million) by South Korea's data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent. The...

AI score 7
Exploits 0
Amazon · added 2024/10/31 12:00 a.m. · 5 views

Important: firefox

Issue Overview: A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox 131, Firefox ESR 128.3, Firefox ESR 115.16, Thunderbird 128.3, and Thunderbird 131. CVE-2024-9392: An attacker could, via a specially crafted...

CVSS 9.8 · AI score 10 · EPSS 0.30808
Exploits 1
RedHat Linux · added 2024/10/30 1:41 a.m. · 5 views

kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

A vulnerability was found in the Linux kernel's networking subsystem in the act_api implementation within the tcf_idr_check_alloc() function, which leads to a possible infinite loop when multiple actions with the same index are added, causing the second request to block indefinitely while holding the...

CVSS 5.5 · AI score 6.8 · EPSS 0.00008
Exploits 0 · References 5
Positive Technologies · added 2024/10/29 12:00 a.m. · 4 views

PT-2024-8531

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a use-after-free vulnerability in the btrfs file system. It can be triggered when mounting btrfs from two images with the same fsid and different dev uuids in a...

CVSS 7.8 · AI score 5.5 · EPSS 0.00031
Exploits 0