WordPress WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification vulnerability
Missing Authorization to Unauthenticated Plugin Settings Modification vulnerability discovered by Brian Sans-Souci (liardom) in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions <= 6.7.16...
CVE-2025-48386
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This...
CVE-2025-5464
CVE-2025-5464 affects Ivanti Connect Secure (ICS) versions prior to 22.7R2.8. Affected component is the logging subsystem where sensitive information can be inserted into log files, enabling a local authenticated attacker to disclose that information. The documented remediation is to upgrade to I...
GitHub: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability
CVE-2025-27614 is regarding a vulnerability in Gitk where a Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking gitk filename, where filename has a particular structure. GitHub created th...
Security update for python-Django
This update for python-Django fixes the following issues: CVE-2025-48432: Add an additional hardening for CVE-2025-48432 (bsc#1244095). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the...
CVE-2025-38237
In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode. In fimc_is_hw_change_mode, the function changes camera modes without waiting for hardware completion, risking corrupted data or system hangs if subsequent...
CVE-2025-20684
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416939; Issue ID: MSV-3422...
CVE-2025-20680
In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418044; Issue ID: MSV-3482...
CVE-2025-20695
In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317...
CVE-2025-20691
In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418039; Issue ID: MSV-3477...
PT-2025-28639 · Dimension · Dimension
Name of the Vulnerable Software and Affected Versions: Dimension versions 4.1.2 and earlier Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where ...
PT-2025-28399 · Siemens · Solid Edge
Name of the Vulnerable Software and Affected Versions: Solid Edge SE2025 versions prior to V225.0 Update 5 Description: A stack-based overflow issue has been identified in the affected applications while parsing specially crafted CFG files. This could allow an attacker to execute code in the...
PT-2025-28576 · Microsoft · Windows Ntfs +1
Name of the Vulnerable Software and Affected Versions: Windows NTFS affected versions not specified Description: A null pointer dereference issue in Windows NTFS allows an authorized attacker to elevate privileges locally. The issue was fixed in the Windows July Patch Tuesday. Recommendations: At...
PT-2025-28359 · Unknown · Code-Projects Crime Reporting System
Name of the Vulnerable Software and Affected Versions: code-projects Crime Reporting System version 1.0 Description: A critical issue has been discovered in the code-projects Crime Reporting System, affecting an unknown function of the /complainer page.php file. The manipulation of the argument...
PT-2025-30106 · Go · Github.Com/Cosmos/Cosmos-Sdk
Description Name: ISA-2025-005: Integer Overflow in Cosmos SDK Component: CosmosSDK Criticality: High (Considerable Impact; Likely Likelihood per ACMv1.2) Affected versions: <= v0.50.13, <= 0.53.2 Affected users: Validators, Full nodes, Users on chains that utilize the distribution module Cosmos SDK...
PT-2025-28495 · Adobe · Substance3D - Designer
Name of the Vulnerable Software and Affected Versions: Substance3D - Designer versions 14.1 and earlier Description: The issue is an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR...
PT-2025-28273 · Codeastro · Codeastro Hospital Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Simple Hospital Management System version 1.0 Description: A problematic issue was found in the CodeAstro Simple Hospital Management System, affecting an unknown functionality of the file /doctor.html, specifically the POST Paramete...
PT-2025-28378 · Samsung · Galaxy Tablet
Name of the Vulnerable Software and Affected Versions: Galaxy Tablet versions prior to SMR Jul-2025 Release 1 Description: The issue concerns improper authorization for accessing saved Wi-Fi passwords on Galaxy Tablet devices. This allows secondary users to access the owner's saved Wi-Fi password...
CVE-2025-53540 CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploa...
CVE-2025-53377
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastrodependentepessoanova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the idfuncionario parameter. This...