30380 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-2230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.23 and prior. Easily...
Linux Distros Unpatched Vulnerability : CVE-2021-30458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform...
Linux Distros Unpatched Vulnerability : CVE-2025-46807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate...
Linux Distros Unpatched Vulnerability : CVE-2017-18075
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AFALG-based AEAD interface...
Linux Distros Unpatched Vulnerability : CVE-2018-13258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. CVE-2018-13258 No...
CVE-2025-54869 FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker...
CVE-2025-32430
CVE-2025-32430 – XWiki Platform Reflected XSS. Affected: XWiki Platform versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5, and 17.0.0-rc-1 through 17.2.2. Issue: two templates contain reflected XSS allowing attacker-controlled URLs to execute JavaScript in the victim’s session...
XWiki exposes passwords and emails stored in fields not named password/email in xml.vm
Impact: The XML export of a page in XWiki that can be triggered by any user with view rights on a page by appending ?xpage=xml to the URL includes password and email properties stored on a document that aren't named password or email. This allows any user to obtain the salted and hashed user accou...
GHSA-R38M-CGPG-QJ69 XWiki leaks password hashes and other accessible password properties
Impact: Any user with edit right on a page of the wiki can create an XClass with a database list property that references a password property, for example the password hash that is stored for users. When adding an object of that XClass, the content of that password property is displayed. In...
CVE-2025-8553
A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitiveword/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed ...
CVE-2025-5061 WP Import Export Lite <= 3.9.29 - Authenticated (Subscriber+) Arbitrary File Upload
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpieparseuploaddata' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-8549 atjiu pybbs UserAdminController.java update weak password
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to launch the attack...
WordPress Groundhogg plugin <= 4.2.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 63n0 in WordPress Plugin Groundhogg versions <= 4.2.2...
PT-2025-31912 · WordPress · Wp Import Export Lite
Name of the Vulnerable Software and Affected Versions: WP Import Export Lite plugin for WordPress versions up to and including 3.9.29 Description: The WP Import Export Lite plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the wpie pars...
Linux Distros Unpatched Vulnerability : CVE-2021-2399
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.25 and prior. Easily exploitable...
Linux Distros Unpatched Vulnerability : CVE-2025-37892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mtd: inftlcore: Add error check for inftlreadoob In INFTLfindwriteunit, the return value of inftlreadoob need to be checked. A proper implementation can be foun...
Linux Distros Unpatched Vulnerability : CVE-2025-25204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gh is GitHub's official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact...
Linux Distros Unpatched Vulnerability : CVE-2019-19049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak in the unittestdataadd function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service memory...
Linux Distros Unpatched Vulnerability : CVE-2025-38299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMPDUMMY ETDM2INBE and ETDM1OUTBE are defined...
Pixel Update Bulletin—August 2025
Published August 5, 2025. The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2025-08-05 or later address all issues in this bulletin and all issues in the...