30381 matches found

Patchstack
added 2025/07/16 12:20 p.m. · 5 views

WordPress FG Drupal to WordPress plugin <= 3.90.0 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin FG Drupal to WordPress (versions <= 3.90.0)...

CVSS 4.4 · AI score 6.6 · EPSS 0.00199
Exploits: 0 · Affected Software: 1
Slackware Linux
added 2025/07/16 3:55 a.m. · 7 views

[slackware-security] libxml2

New libxml2 packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libxml2-2.11.9-i586-6slack15.0.txz: Rebuilt. Recompiled with the missing security patches. Thanks to bigbadaboum for spotting this. For more...

CVSS 9.1 · AI score 6.2 · EPSS 0.01437
Exploits: 0
Patchstack
added 2025/07/16 12:0 a.m. · 4 views

WordPress Houzez Theme <= 4.0.4 is vulnerable to Broken Access Control

Software: Houzez · Type: Theme · Vulnerable versions: <= 4.0.4 · Fixed in: 4.1.1 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2025-53997 · Patch priority: Low · CVSS severity: Low (4.3) · Developer: Claim ownership · PSID: d8d88cb889a1 · Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...

CVSS 4.3 · AI score 6.2 · EPSS 0.00236
Exploits: 0 · References: 1 · Affected Software: 1
OpenVAS
added 2025/07/16 12:0 a.m. · 6 views

Google Chrome Security Update (stable-channel-update-for-desktop_15-2025-07) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; if(description)...

CVSS 8.8 · AI score 7.7 · EPSS 0.09524
Exploits: 0 · References: 3
CBLMariner
added 2025/07/15 9:12 p.m. · 8 views

CVE-2022-48174 affecting package busybox for versions less than 1.36.1-14

CVE-2022-48174 affecting package busybox for versions less than 1.36.1-14. A patched version of the package is available...

CVSS 9.8 · AI score 8.8 · EPSS 0.02979
Exploits: 0
Vulnrichment
added 2025/07/15 7:27 p.m. · 2 views

CVE-2025-50085

...

CVSS 5.5 · AI score 7.2 · EPSS 0.00425
Exploits: 0 · References: 1
Vulnrichment
added 2025/07/15 6:22 p.m. · 7 views

CVE-2025-53903 The Scratch Channel Has Potential Cross-Site Scripting (XSS) Vulnerability

The Scratch Channel is a news website that is under development as of time of this writing. The file /api/users.js doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue...

CVSS 5.3 · AI score 5.9 · EPSS 0.00327
Exploits: 0 · References: 2
OSV
added 2025/07/15 2:47 p.m. · 4 views

CVE-2025-53622 DSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents file

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

CVSS 5.2 · AI score 6.4 · EPSS 0.00404
Exploits: 0 · References: 9
SUSE Linux
added 2025/07/15 1:0 p.m. · 3 views

Security update for poppler

This update for poppler fixes the following issues: CVE-2025-52886: Fixed an integer overflow that can lead to a use-after-free (bsc#1245625). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can...

CVSS 7.3 · AI score 6.8 · EPSS 0.00371
Exploits: 1 · References: 4
SUSE Linux
added 2025/07/15 9:15 a.m. · 3 views

Security update for protobuf

This update for protobuf fixes the following issues: CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that can lead to crash due to RecursionError (bsc#1244663). Patch Instructions: To install this SUSE update use the SUSE...

CVSS 8.2 · AI score 7.7 · EPSS 0.00281
Exploits: 0 · References: 4
NVD
added 2025/07/15 12:15 a.m. · 9 views

CVE-2025-53836

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...

CVSS 9.9 · EPSS 0.00525
Exploits: 1 · References: 4
Tenable Nessus
added 2025/07/15 12:0 a.m. · 2 views

Oracle Linux 8 : pcs (ELSA-2025-11047)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-11047 advisory. 0.10.18-2.0.1.6 - Replace HAM-logo.png with a generic one 0.10.18-2.el810.6 - Fixed CVE-2024-49761 by updating rubygem rexml Resolves: RHEL-98708 Tenable has...

CVSS 8.7 · AI score 7.6 · EPSS 0.01429
Exploits: 0 · References: 2
Cvelist
added 2025/07/14 11:8 p.m. · 29 views

CVE-2025-53836 XWiki Rendering is vulnerable to RCE attacks when processing nested macros

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...

CVSS 9.9 · EPSS 0.00525
Exploits: 1 · References: 4
CVE
added 2025/07/14 10:56 p.m. · 79 views

CVE-2025-53833

LaRecipe (a Laravel-based documentation app)

CVSS 10 · AI score 8.1 · EPSS 0.09357
In wild · Exploits: 0 · References: 3
Github Security Blog
added 2025/07/14 10:3 p.m. · 8 views

XWiki Rendering is vulnerable to RCE attacks when processing nested macros

Impact: The default macro content parser didn't preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that are bundled in XWi...

CVSS 9.9 · AI score 7.5 · EPSS 0.00525
Exploits: 1 · References: 6 · Affected Software: 1
Github Security Blog
added 2025/07/14 7:33 p.m. · 7 views

AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

Summary: The Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. Impact: If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execu...

CVSS 7.5 · AI score 6.6 · EPSS 0.00297
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2025/07/14 5:59 p.m. · 3 views

CVE-2025-53014 ImageMagick has Heap Buffer Overflow in InterpretImageFilename

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processi...

CVSS 3.7 · AI score 6.9 · EPSS 0.00623
Exploits: 1 · References: 4
NVD
added 2025/07/14 10:15 a.m. · 8 views

CVE-2025-53689

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue...

CVSS 8.8 · EPSS 0.00466
Exploits: 0 · References: 2
Positive Technologies
added 2025/07/14 12:0 a.m. · 4 views

PT-2025-29471 · Code Projects · Wedding Reservation

Name of the Vulnerable Software and Affected Versions: code-projects Wedding Reservation version 1.0 Description: A critical issue exists in code-projects Wedding Reservation 1.0, affecting an unknown part of the file /global.php. The manipulation of the argument lu leads to SQL injection, allowi...

CVSS 9.8 · AI score 7.5 · EPSS 0.00399
Exploits: 1 · References: 9
OSV
added 2025/07/13 10:15 p.m. · 4 views

CVE-2025-7545

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...

CVSS 7.8 · AI score 5.2
Exploits: 0 · References: 8