WordPress Easy PayPal Events plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin Easy PayPal Events versions <= 1.2.2...
WordPress Custom Checkout Fields for WooCommerce plugin <= 1.8.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Custom Checkout Fields for WooCommerce versions <= 1.8.3...
WordPress Cost Calculator for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Michael in WordPress Plugin Cost Calculator for Elementor versions <= 1.3.3...
WordPress WP Hotel Booking plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by luckybuddy in WordPress Plugin WP Hotel Booking versions <= 2.1.9...
PT-2025-20117 · Unknown · Contact Form Widget
Name of the Vulnerable Software and Affected Versions: Contact Form Widget versions 1.4.6 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the Contact Form Widget, allowing unauthorized requests. Recommendations: For versions 1.4.6 and earlier, update to a version that...
PT-2025-20039 · Unknown · Enrichedcall
Name of the Vulnerable Software and Affected Versions: EnrichedCall versions prior to SMR May-2025 Release 1 Description: The issue concerns the use of implicit intent for sensitive communication in EnrichedCall, allowing local attackers to access sensitive information. User interaction is requir...
PT-2025-20162 · Unknown · Themefic Beaf
Name of the Vulnerable Software and Affected Versions: Themefic BEAF versions through 4.6.10 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to the server...
PT-2025-20828
Name of the Vulnerable Software and Affected Versions: Samsung MagicINFO 9 versions prior to 21.1052 Description: An improper limitation of a pathname to a restricted directory issue exists in Samsung MagicINFO 9 Server. This allows attackers to write arbitrary files with system authority. The...
CVE-2024-3447 affecting package qemu for versions less than 8.2.0-14
CVE-2024-3447 affecting package qemu for versions less than 8.2.0-14. A patched version of the package is available...
CVE-2025-2784 affecting package libsoup for versions less than 3.4.4-5
CVE-2025-2784 affecting package libsoup for versions less than 3.4.4-5. A patched version of the package is available...
CVE-2025-46421 affecting package libsoup for versions less than 3.0.4-5
CVE-2025-46421 affecting package libsoup for versions less than 3.0.4-5. A patched version of the package is available...
WordPress WZ Followed Posts plugin <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin WZ Followed Posts - Display what visitors are reading versions <= 3.1.0...
CVE-2025-46815
ZITADEL Session API vulnerability (CVE-2025-46815) allows token/id reuse from idp intents prior to versions 3.0.0, 2.71.9, and 2.70.10. An attacker with URI access could obtain the id and token and authenticate on behalf of the user. MFA prevents full authentication, but this exposes a partial au...
Terraform WinDNS Provider improperly sanitizes input variables in `windns_record`
Impact: A security issue has been found in terraform-provider-windns before version 1.0.5. The `windns_record` resource did not sanitize the input variables. This can lead to authenticated command injection in the underlying PowerShell command prompt. Patches: 83ef736 fix: better input validation...
GHSA-4VGF-2CM4-MP7C Terraform WinDNS Provider improperly sanitizes input variables in `windns_record`
Impact: A security issue has been found in terraform-provider-windns before version 1.0.5. The `windns_record` resource did not sanitize the input variables. This can lead to authenticated command injection in the underlying PowerShell command prompt. Patches: 83ef736 fix: better input validation...
PT-2025-19831 · Sourcecodester · Sourcecodester Advanced Web Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Advanced Web Store version 1.0 Description: A critical issue has been found in the processing of the file /productdetail.php. The manipulation of the prodid argument leads to SQL injection. The attack may be initiated remotely...
PT-2025-19828 · Unknown · Phpgurukul Art Gallery Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Art Gallery Management System version 1.1 Description: A critical issue affects an unknown functionality of the file /admin/add-art-type.php. The manipulation of the arttype argument leads to SQL injection. This issue can be...
ruby:3.1 security update
ruby 3.1.7-146 - Upgrade to Ruby 3.1.7. Resolves: RHEL-55410 - Fix DoS vulnerability in REXML. CVE-2024-39908 Resolves: RHEL-86077...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21959)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21959 advisory. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: Fully initialize...
ruby:3.3 security update
ruby 3.3.8-4 - Upgrade to Ruby 3.3.8. Resolves: RHEL-86933 - Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 Resolves: RHEL-87182 - Fix userinfo leakage in URI.join, URI#merge and URI#+. CVE-2025-27221...