30387 matches found
SUSE-SU-2025:01590-1 Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122_216 fixes several issues. The following security issues were fixed: - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service (bsc#1234847). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage (bsc#1229504). -...
WordPress RSVPMarker plugin <= 11.5.6 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by astra.r3verii in WordPress Plugin RSVPMarker versions <= 11.5.6...
WordPress Free Shipping Bar: Amount Left for Free Shipping for WooCommerce plugin <= 2.4.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Free Shipping Bar: Amount Left for Free Shipping for WooCommerce versions <= 2.4.6...
UBUNTU-CVE-2025-24189
The issue was addressed with improved checks. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to memory corruption...
WordPress Download Manager plugin <= 3.2.98 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Download Manager versions <= 3.2.98...
WordPress WP Content Copy Protection & No Right Click (premium) plugin < 15.3 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Esther Nambuya in WordPress Plugin WP Content Copy Protection & No Right Click (premium) versions < 15.3...
WordPress WP ERP | Complete HR solution with recruitment plugin < 1.13.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Pedro Cuco Illex in WordPress Plugin WP ERP versions < 1.13.4...
PT-2025-22022 · Customify · Customify
Name of the Vulnerable Software and Affected Versions: Customify versions 0.4.8 and earlier Description: The issue is a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. This can lead to unauthorized access due to the la...
PT-2025-22025 · Woocommerce · Category Slider For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Category Slider for WooCommerce versions through 4.3.4 Description: The issue is an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This allows for PHP...
PT-2025-22094
Name of the Vulnerable Software and Affected Versions: Grand Restaurant WordPress versions n/a through 7.0 Description: The issue is a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For Grand...
Ubuntu: Security Advisory (USN-7514-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
PT-2025-21841 · Unknown · Sourcecodester Restaurant Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Restaurant Management System version 1.0 Description: A critical issue was found in the itsourcecode Restaurant Management System, affecting the /admin/menu_save.php file. The manipulation of the menu argument leads to SQL...
PT-2025-21850 · Unknown · Sourcecodester Restaurant Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Restaurant Management System version 1.0 Description: A critical issue affects an unknown part of the file /admin/team_update.php. The manipulation of the team argument leads to SQL injection. It is possible to initiate the attac...
PT-2025-21826 · Totolink · Totolink N300Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N300RH version 6.1c.1390_B20191101 Description: A critical vulnerability was found in the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack c...
CVE-2025-47948 Cocotais Bot has builtin .echo command injection
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, the command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
CVE-2025-47945 Donetick Has Weak Default JWT Secret
Donetick is an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. While the responsibility is left to the system administrator to change it, this approach is inadequate...
WordPress Social Media Share Buttons plugin < 2.9.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Social Media & Share Icons versions < 2.9.0...
PT-2025-21784 · Totolink · Totolink A702R +1
Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R, and A3002RU version 3.0.0-B20230809.1615 Description: A critical issue has been discovered, affecting the HTTP POST Request Handler component, specifically the file /boafrm/formWsc. The manipulation of the submit-url...
PT-2025-21799 · Totolink · Totolink A702R +1
Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R, and A3002RU version 3.0.0-B20230809.1615 Description: A critical vulnerability was found in the HTTP POST Request Handler component of the affected TOTOLINK devices. This vulnerability affects an unknown part of the fi...
WordPress Jetpack plugin < 3.4.8 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Marc Montpas in WordPress Plugin Jetpack Boost versions < 3.4.8...