CVE-2025-46469 WordPress Send From plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benjamin Buddle Send From send-from allows Stored XSS.This issue affects Send From: from n/a through = 2.2...

CVE-2025-46469

CVE-2025-46469 (WordPress Send From plugin) is a stored XSS vulnerability caused by improper input neutralization during web page generation. Affected plugin versions are listed as 2.2 and earlier (n/a through 2.2). Connected sources confirm the issue as stored XSS with the potential impact on Wo...

WordPress plugin Send From 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2025-18722 · Unknown · Pcman Ftp Server

Name of the Vulnerable Software and Affected Versions: PCMan FTP Server version 2.0.7 Description: A critical vulnerability was found in the SEND Command Handler component of PCMan FTP Server, leading to a buffer overflow. The attack can be launched remotely, and the exploit has been disclosed to...

The vulnerability of the ipc_msg_send_request() function in the fs/smb/server/transport_ipc.c module of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the ipcmsgsendrequest function in the fs/smb/server/transportipc.c module of the Linux operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2025-30512

Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely e.g., on/off...

Growatt Cloud Applications 安全漏洞

Growatt Cloud Applications is a monitoring platform from Growatt in China. A security bypass vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by unauthenticated attackers to send configuration settings and potentially perform physical...

ibmvnic: Don't reference skb after sending to VIOS

...

ndisc: extend RCU protection in ndisc_send_skb()

...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the sendTestEmailAction function, which is accessible via the send-test-email endpoint. An attacker can have unescaped HTML rendered by injecting it into the content parameter of the email. Note: Javascript...

Tokio broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

GHSA-RR8G-9FPQ-6WMG Tokio broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

RUSTSEC-2025-0023 Broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

Broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

SUSE CVE-2025-21930

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't try to talk to a dead firmware This fixes: bad state = 0 WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwltranssendcmd+0xba/0xe0 iwlwifi Call Trace: ? warn+0xca/0x1c0 ?...

CVE-2025-31592

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paolo Melchiorre Send E-mail send-e-mail allows Stored XSS.This issue affects Send E-mail: from n/a through = 1.3...

AZL-59760 CVE-2025-21947 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix type confusion via race condition when using ipcmsgsendrequest req-handle is allocated using ksmbdacquireid&ipcida, based on idaalloc. req-handle from ksmbdipcloginrequest and FSCTLPIPETRANSCEIVE ioctl can be same and ...

DEBIAN-CVE-2025-21930

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't try to talk to a dead firmware This fixes: bad state = 0 WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwltranssendcmd+0xba/0xe0 iwlwifi Call Trace: ? warn+0xca/0x1c0 ?...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of a race condition in ipcmsgsendrequest leading to type confusion...

WordPress Send E-mail plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Send E-mail versions = 1.3...