CVE-2025-55780

A null pointer dereference occurs in the function breakwordforoverflowwrap in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fzhtmlsplitflow to split a FLOWWORD node, but does not check if node-next is valid before accessing node-next-overflowwrap, resulti...

CVE-2025-39888

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fusedevdowrite. When the number of bytes to be retrieved is truncated to the upper limit by fc-maxpages and there is an offset, the oob is triggered...

CVE-2025-39874

In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTMNEWLINK Syzkaller managed to lock the lower device via ETHTOOLSFEATURES: netdevlock include/linux/netdevice.h:2761 inline netdevlockops include/net/netdevlock.h:42 inline netdevsynclowerfeatures...

CVE-2025-39859

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix use-after-free bugs causing by ptpocpwatchdog The ptpocpdetach only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, the timerdeletesync is not called. This leads to...

CVE-2023-53353

In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: postpone memmgr IDR destruction to hprivrelease The memory manager IDR is currently destroyed when user releases the file descriptor. However, at this point the user context might be still held, and memory buffe...

CVE-2023-53220

In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007i2cxfer In az6007i2cxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach az6007i2cxfer. If...

CVE-2025-39759

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another running the rescan ioctl that can result in a use-after-free of qgroup records from the...

WordPress Contact Form to Any API Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form to Any API Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7617 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8a05dbbe144d Credits Jorgson...

WordPress WP Easy Gallery Plugin <= 4.8.5 is vulnerable to Broken Access Control

Software WP Easy Gallery Type Plugin Vulnerable versions = 4.8.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8437 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 29e098328a72 Credits Lucio Sá Required privilege...

gtp.gr Cross Site Scripting vulnerability OBB-3705411

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

maskanikenya.co.ke Cross Site Scripting vulnerability OBB-2945144

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

thehideoutva.com Cross Site Scripting vulnerability OBB-2148577

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

shonic.co.kr Cross Site Scripting vulnerability OBB-1363133

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

tokiwakai.jp Cross Site Scripting vulnerability OBB-1363010

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the...

detail.br.oppo.rozbuzz.com Cross Site Scripting vulnerability OBB-1359900

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Servicing stack update for Windows 10 version 1903: September 24, 2019

Servicing stack update for Windows 10 version 1903: September 24, 2019 Summary This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.We strongly recommend you install the latest servicing stack update SSU for your operating system befo...

autospares.eu XSS vulnerability

Open Bug Bounty ID: OBB-636810 Description| Value ---|--- Affected Website:| autospares.eu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Threat Outbreak Alert RuleID4961KVR: Email Messages Distributing Malicious Software on September 24, 2016

Medium Alert ID: 43657 First Published: 2016 February 22 21:55 GMT Last Updated: 2016 October 3 12:49 GMT Version: 46 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID4961...

Threat Outbreak Alert RuleID18204: Email Messages Distributing Malicious Software on September 24, 2015

Medium Alert ID: 41171 First Published: 2015 September 23 15:31 GMT Last Updated: 2015 September 25 12:46 GMT Version: 3 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat...