GHSA-GM2P-WF5C-W3PJ Infinite loop condition in Amazon.IonDotnet

Summary Amazon.IonDotnet ion-dotnet is a .NET library with an implementation of the Ion data serialization format. An issue exists in Amazon.IonDotnet and the RawBinaryReader class where, under certain conditions, an actor could trigger an infinite loop condition. Impact When reading binary Ion...

PYSEC-2025-41

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32796 Dify Allows Unauthorized APP Enable/Disable via API

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...

CVE-2025-31120 NamelessMC Vulnerable to Cookie-Based View Count Manipulation

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie nl-topic-t...

CVE-2025-30158 NamelessMC Forum iframe width/height abuse causing UI-based Denial of Service

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker ...

CVE-2025-27599 Element X Android vulnerable to loading malicious web pages via received intent

Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it...

WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WPAMS versions = 44.0 17-08-2023...

CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...

CVE-2025-32433 Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVE-2025-31478 Zulip Authentication Backend Configuration Bypass

Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being requir...

CVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properly

In the Linux kernel, the following vulnerability has been resolved: bnxten: Mask the bdcnt field in the TX BD properly The bdcnt field in the TX BD specifies the total number of BDs for the TX packet. The bdcnt field has 5 bits and the maximum number supported is 32 with the value 0...

CVE-2025-22039 ksmbd: fix overflow in dacloffset bounds check

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smbcheckpermdacl and...

SUSE-SU-2025:1264-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2025-32464: Fixed heap-based buffer overflow in sampleconvregsub. bsc1240971...

WordPress Total processing card payments for WooCommerce plugin <= 7.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Nomupay Payment Processing Gateway versions = 7.1.6...

CVE-2024-49707 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for resetting user's password with a malicious script, what causes the script to run in user's context. This...

GHSA-P9HH-MH5X-WVX3 Formie has XSS vulnerability for importing forms

Impact When importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who have themselves exported the form from one environment to...

WordPress SKT Blocks – Gutenberg based Page Builder plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim Patchstack Alliance in WordPress Plugin SKT Blocks versions = 1.8...

WordPress MSRP (RRP) Pricing for WooCommerce Plugin <= 1.8.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin MSRP RRP Pricing for WooCommerce versions = 1.8.1...

Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function

Summary In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. Patches This issue is patched in 2.16.1 and 3.0.0-alpha.5. PoC Coming soon... Impact 1. Redirect user to another phishing site 2...

GHSA-FMHH-RW3H-785M bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing

Impact The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably high for image metadata. Before v0.11.0, If you didn't trust the input images, this could be abused to...