
OSV · added 2025/07/07 4:51 p.m. · 6 views

CVE-2025-53529 WeGIA allows SQL Injection in html/funcionario/profile_funcionario.php (id_funcionario parameter)

WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL query, allowing an unauthenticated attacker to...

CVSS 9.8 · AI score 8 · EPSS 0.00488
Exploits 1 · References 4
Vulnrichment · added 2025/07/07 4:47 p.m. · 3 views

CVE-2025-53527 WeGIA allows Time-Based Blind SQL Injection in the relatorio_geracao.php endpoint

WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue allows an attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or...

CVSS 8.3 · AI score 8.1 · EPSS 0.00408
Exploits 1 · References 2
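Added example for the two WeGIA entries above (CVE-2025-53529 and CVE-2025-53527); this is not WeGIA's own code, which is PHP and does not appear on this page. It rebuilds the pattern the advisories describe in Python against an in-memory SQLite table: the vulnerable handler splices the request parameter into the statement text, the hardened one validates the type and binds it. The table name, columns and rows are constructed; only the parameter name id_funcionario comes from the advisory. SQLite has no sleep() function, so the blind-extraction routine is the boolean-based cousin of the time-based technique in CVE-2025-53527: the condition appended to a known-good id decides whether a row comes back, which leaks a column the page never displays.

```python
import sqlite3
import string


def make_db() -> sqlite3.Connection:
    """In-memory table with a few constructed rows standing in for funcionario."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE funcionario (id_funcionario INTEGER PRIMARY KEY, nome TEXT, salario REAL)"
    )
    conn.executemany(
        "INSERT INTO funcionario VALUES (?, ?, ?)",
        [(1, "Ana", 3200.0), (2, "Bruno", 2900.0), (3, "Carla", 4100.0)],
    )
    return conn


def profile_vulnerable(conn: sqlite3.Connection, id_funcionario: str) -> list:
    """The request parameter is spliced straight into the statement text (the bug)."""
    sql = f"SELECT id_funcionario, nome FROM funcionario WHERE id_funcionario = {id_funcionario}"
    return conn.execute(sql).fetchall()


def profile_hardened(conn: sqlite3.Connection, id_funcionario: str) -> list:
    """Validate the type, then pass the value as a bound parameter.

    The placeholder keeps the value out of the statement text, so whatever
    characters it contains it can only ever be compared as an integer.
    """
    if not id_funcionario.isdigit():
        raise ValueError("id_funcionario must be a positive integer")
    return conn.execute(
        "SELECT id_funcionario, nome FROM funcionario WHERE id_funcionario = ?",
        (int(id_funcionario),),
    ).fetchall()


def blind_extract_name(conn: sqlite3.Connection, target_id: int, max_len: int = 16) -> str:
    """Boolean-based blind inference through the vulnerable endpoint.

    Row 1 is known to exist; the appended subquery decides whether it is
    returned, so each probe answers one yes/no question about one character.
    A time-based variant swaps the comparison for a conditional delay.
    """
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in string.ascii_letters:
            probe = (
                f"1 AND (SELECT substr(nome, {pos}, 1) FROM funcionario "
                f"WHERE id_funcionario = {target_id}) = '{ch}'"
            )
            if profile_vulnerable(conn, probe):
                recovered += ch
                break
        else:
            break  # no character matched: end of the value
    return recovered


if __name__ == "__main__":
    conn = make_db()
    print("honest request :", profile_vulnerable(conn, "1"))
    print("tautology      :", profile_vulnerable(conn, "1 OR 1=1"))
    print("union leak     :", profile_vulnerable(conn, "0 UNION SELECT salario, nome FROM funcionario"))
    print("blind extract  :", blind_extract_name(conn, 3))
    try:
        profile_hardened(conn, "1 OR 1=1")
    except ValueError as exc:
        print("hardened       :", exc)
```

The hardened version does two independent things: the isdigit() check rejects the payload early with a clear error, and the bound parameter would make the query safe even without that check. Keep both; the validation gives you a log line worth alerting on, the binding is the actual fix.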
NVD · added 2025/07/07 4:15 p.m. · 12 views

CVE-2025-7057

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Quiz Extension allows Stored XSS. This issue affects Mediawiki - Quiz Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before...

CVSS 5.4 · EPSS 0.0017
Exploits 0 · References 2
OSV · added 2025/07/07 1:44 p.m. · 3 views

CLSA-2025-1751895848 sudo: Fix of CVE-2025-32462

CVE-2025-32462: fix privilege escalation vulnerability by preventing unauthorized users from gaining elevated system privileges via the Sudo host option...

CVSS 8.8 · AI score 6.9 · EPSS 0.03239
Exploits 12 · References 1
OSV · added 2025/07/07 10:15 a.m. · 2 views

CVE-2025-5472

The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing...

CVSS 6.5 · AI score 6.3
Exploits 0 · References 2
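Added example for CVE-2025-5472; it is not llama_index's JSONReader and makes no claim about that code's structure. It shows the failure mode the advisory names and the cheapest guard against it: naive_flatten is a reader that recurses once per nesting level and dies with RecursionError on a few kilobytes of brackets, while max_nesting_depth measures depth in one linear pass with no recursion (skipping brackets inside string literals), so safe_load can refuse the document before any parser or walker touches it. The hostile input and the depth limit of 64 are constructed for the demonstration.

```python
import json


def max_nesting_depth(text: str) -> int:
    """Deepest array/object nesting in a JSON document, found without recursion.

    A single pass over the raw text; brackets inside string literals are
    ignored and backslash escapes are honoured so an escaped quote does not
    end the string early. Cost is O(len(text)) and O(1) memory.
    """
    depth = max_depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch in "]}":
            depth -= 1
    return max_depth


def safe_load(text: str, max_depth: int = 64) -> object:
    """Parse JSON only after the depth check has passed."""
    depth = max_nesting_depth(text)
    if depth > max_depth:
        raise ValueError(f"JSON nesting depth {depth} exceeds limit {max_depth}")
    return json.loads(text)


def naive_flatten(text: str) -> list:
    """Parse, then walk every nested container recursively (the fragile pattern).

    One Python frame per nesting level, so input nested deeper than the
    interpreter's recursion limit (1000 by default) raises RecursionError.
    On older interpreters json.loads itself raises it first; either way the
    reader crashes on attacker-controlled input.
    """
    def walk(node):
        if isinstance(node, dict):
            return [leaf for value in node.values() for leaf in walk(value)]
        if isinstance(node, list):
            return [leaf for item in node for leaf in walk(item)]
        return [node]
    return walk(json.loads(text))


def hostile_document(depth: int) -> str:
    """Constructed attacker input: `depth` nested empty arrays, a few KB of text."""
    return "[" * depth + "]" * depth


def crashes_naive_reader(depth: int = 3000) -> bool:
    """True when the naive reader dies with RecursionError on the hostile input."""
    try:
        naive_flatten(hostile_document(depth))
    except RecursionError:
        return True
    return False


if __name__ == "__main__":
    doc = hostile_document(3000)
    print("naive reader crashes:", crashes_naive_reader())
    try:
        safe_load(doc)
    except ValueError as exc:
        print("guarded reader rejects it:", exc)
    print("normal document still parses:", safe_load('{"a": [1, {"b": "[not nesting]"}]}'))
```

Catching RecursionError around the parser is not an adequate fix on its own: the exception is raised deep in the stack, other threads' frames may already be near the limit, and the attacker still gets to consume the CPU of a full parse attempt. Rejecting on measured depth before parsing costs one pass over the bytes and fails fast.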
Patchstack · added 2025/07/07 8:17 a.m. · 6 views

WordPress Multi-language Responsive Contact Form plugin <= 2.8 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin Multi-language Responsive Contact Form versions <= 2.8...

CVSS 7.5 · AI score 6.6 · EPSS 0.00365
Exploits 0 · Affected Software 1
Patchstack · added 2025/07/07 8:10 a.m. · 4 views

WordPress Torod plugin <= 2.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Martino Spagnuolo (r3verii) in WordPress Plugin Torod versions <= 2.1...

CVSS 9.3 · AI score 7.8 · EPSS 0.00371
Exploits 0 · Affected Software 1
RedHat Linux · added 2025/07/07 2:28 a.m. · 1 view

webkitgtk: Use-after-free leading to arbitrary code execution

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS 9.3 · AI score 7.6 · EPSS 0.02095
Exploits 2 · References 5
RedHat Linux · added 2025/07/07 2:28 a.m. · 1 view

webkitgtk: Logic issue leading to universal cross site scripting attack

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting...

CVSS 6.1 · AI score 6.2 · EPSS 0.0107
Exploits 0 · References 5
Positive Technologies · added 2025/07/07 12:00 a.m. · 6 views

PT-2025-28117 · Unknown · Simstudioai Sim

Name of the Vulnerable Software and Affected Versions: SimStudioAI sim versions up to 0.1.17
Description: A critical issue has been found, affecting the handleLocalFile function of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the filePath argument leads to path traversal...

CVSS 6.9 · AI score 5.2 · EPSS 0.00762
Exploits 1 · References 11
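Added example for the path traversal class named in PT-2025-28117; it is a generic guard written for this page, not Sim's handleLocalFile (which is TypeScript and not reproduced here), and the upload root, file names and request strings are constructed. The check resolves the requested path with realpath(), so '..' segments and symlinks are evaluated by where they land rather than how they are spelled, and it compares with commonpath() instead of startswith(), which would wrongly accept a sibling directory that merely shares a string prefix with the root.

```python
import os
import shutil
import tempfile


def resolve_under(base_dir: str, requested: str) -> str:
    """Return the absolute path for `requested` only if it stays inside base_dir.

    realpath() collapses '..' and follows symlinks, so the decision is made on
    the real target. commonpath() rather than startswith() means that
    /srv/uploads-secret is not accepted as being under /srv/uploads.
    """
    base = os.path.realpath(base_dir)
    # os.path.join drops `base` entirely when `requested` is absolute; the
    # commonpath check below rejects that case as well.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"path escapes {base}: {requested!r}")
    return candidate


def demo_results() -> dict:
    """Build a throwaway upload root and classify several constructed requests."""
    root = tempfile.mkdtemp(prefix="uploads-")
    sibling = root + "-secret"  # shares only a string prefix with root
    os.makedirs(os.path.join(root, "reports"))
    os.makedirs(sibling)
    with open(os.path.join(root, "reports", "q1.txt"), "w") as fh:
        fh.write("constructed sample upload\n")

    requests = {
        "inside": "reports/q1.txt",
        "dot_segments": "reports/../reports/./q1.txt",
        "dotdot": "../../etc/passwd",
        "absolute": "/etc/passwd",
        "prefix_sibling": "../" + os.path.basename(sibling),
    }
    results = {}
    for label, requested in requests.items():
        try:
            resolve_under(root, requested)
            results[label] = "allowed"
        except PermissionError:
            results[label] = "rejected"

    # A symlink inside the root pointing outside it: the spelled path looks
    # clean, but realpath() reveals the true target.
    try:
        os.symlink(sibling, os.path.join(root, "escape"))
        try:
            resolve_under(root, "escape/anything")
            results["symlink"] = "allowed"
        except PermissionError:
            results["symlink"] = "rejected"
    except OSError:
        results["symlink"] = "skipped"  # platform without symlink support

    shutil.rmtree(root)
    shutil.rmtree(sibling)
    return results


if __name__ == "__main__":
    for label, outcome in demo_results().items():
        print(f"{label:15s} {outcome}")
```

Two caveats a practitioner should carry over: decode the request (URL encoding, unicode normalization) before calling the guard, since the guard sees the string it is given; and run the guard at the same moment the file is opened, because a symlink created between the check and the open defeats any check made earlier.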
Positive Technologies · added 2025/07/07 12:00 a.m. · 3 views

PT-2025-28224 · Sourcecodester · Sourcecodester Best Pos Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0
Description: A critical issue has been found, affecting an unknown part of the file /panel/schedule-staff.php. The manipulation of the staff id argument leads to SQL injection. It is...

CVSS 8.8 · AI score 6.8 · EPSS 0.00361
Exploits 1 · References 7
Oracle Linux · added 2025/07/07 12:00 a.m. · 6 views

kernel security update

5.14.0-570.25.1.0.16.OL9
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys lis...

CVSS 7.8 · AI score 7.6 · EPSS 0.07007
Exploits 0
Android Security Bulletins · added 2025/07/07 12:00 a.m. · 15 views

Android Security Bulletin—July 2025

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2025-07-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

AI score 7.7
Exploits 0
Android Security Bulletins · added 2025/07/07 12:00 a.m. · 12 views

Pixel Watch Security Bulletin—July 2025

The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google devices). For Google devices, security patch levels of 2025-07-01 or later address all issues in this bulletin and all issues in the July 2025 Android Security Bulletin and all issue...

AI score 7.8
Exploits 0
Android Security Bulletins · added 2025/07/07 12:00 a.m. · 13 views

Wear OS Security Bulletin—July 2025

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2025-07-05 or later from the July 2025 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

AI score 7.8
Exploits 0
Tenable Nessus · added 2025/07/07 12:00 a.m. · 4 views

Splunk Enterprise 9.1.0 < 9.1.10, 9.2.0 < 9.2.7, 9.3.0 < 9.3.5, 9.4.0 < 9.4.3 (SVD-2025-0706)

The version of Splunk installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0706 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

CVSS 4.3 · AI score 5.5 · EPSS 0.0025
Exploits 0 · References 2
RedhatCVE · added 2025/07/06 2:14 p.m. · 4 views

CVE-2025-38211

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction. The commit 59c68ac31e15 ("iwcm: free cmid resources on the last deref") simplified cmid resource management by freeing cmid once all references to the cmid were...

CVSS 7.3 · AI score 6.2 · EPSS 0.00154
Exploits 0 · References 4
Positive Technologies · added 2025/07/06 12:00 a.m. · 5 views

PT-2025-28092 · Comodo · Comodo Internet Security Premium

Name of the Vulnerable Software and Affected Versions: Comodo Internet Security Premium version 12.3.4.8162
Description: A critical issue has been found in the processing of the file cis update x64.xml of the component Manifest File Handler. The manipulation of the argument binary/params leads to...

CVSS 9.2 · AI score 8.2 · EPSS 0.04697
Exploits 1 · References 12
RedhatCVE · added 2025/07/05 9:21 p.m. · 12 views

CVE-2025-52554

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential...

CVSS 4.9 · AI score 6.1 · EPSS 0.00268
Exploits 0 · References 1
RedhatCVE · added 2025/07/05 8:04 p.m. · 16 views

CVE-2025-53369

Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue...

CVSS 8.6 · AI score 6.1 · EPSS 0.00289
Exploits 0 · References 1