Lucene search

3356 matches found

Vulnrichment
added 2025/09/11 7:25 a.m. | 3 views

CVE-2025-8425 My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_import_strings function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...

CVSS 8.8 | AI score 5.5 | EPSS 0.00284
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/11 12:0 a.m. | 3 views

PT-2025-37130

Name of the Vulnerable Software and Affected Versions: My WP Translate plugin for WordPress versions up to and including 1.1 Description: The My WP Translate plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. A missing capability...

CVSS 8.8 | AI score 5.8 | EPSS 0.00284
Exploits: 0 | References: 4

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-23321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0. (CVE-2020-23321) Note that Nessus relies on the presence of...

CVSS 9.8 | AI score 8.2 | EPSS 0.01314
Exploits: 1 | References: 2

OSV
added 2025/09/04 3:32 p.m. | 2 views

CVE-2025-38705 drm/amd/pm: fix null pointer access

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access. Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile will result in a null pointer dereference...

CVSS 5.5 | AI score 6.1 | EPSS 0.00145
Exploits: 0 | References: 7

SUSE Linux
added 2025/09/04 1:26 p.m. | 4 views

Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgrade to 15.12: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.8 | AI score 7 | EPSS 0.89472
Exploits: 10 | References: 4

Microsoft CVE
added 2025/09/03 10:36 p.m. | 3 views

rv: Use strings in da monitors tracepoints

...

CVSS 7.1 | AI score 7 | EPSS 0.00139
Exploits: 0

Tenable Nessus
added 2025/08/27 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-17524

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allo...

CVSS 8.8 | AI score 7.3 | EPSS 0.0122
Exploits: 0 | References: 3

Snyk
added 2025/08/26 5:20 p.m. | 4 views

Use of Externally-Controlled Format String

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 8.8 | AI score 7.7 | EPSS 0.04098
Exploits: 1 | References: 2

Veracode
added 2025/08/26 8:58 a.m. | 6 views

Regular Expression Denial Of Service (ReDoS)

Hugging Face Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a regex pattern /^/^// in the convert_tf_weight_name_to_pt_weight_name function, which allows attackers to craft malicious input strings causing catastrophic backtracking and...

CVSS 5.3 | AI score 5 | EPSS 0.00364
Exploits: 1 | References: 5 | Affected Software: 1

Tenable Nessus
added 2025/08/26 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-32921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or...

CVSS 5.9 | AI score 6.3 | EPSS 0.01601
Exploits: 0 | References: 2

CNNVD
added 2025/08/26 12:0 a.m. | 1 view

ImageMagick Security Vulnerability

ImageMagick is a suite of open source image processing software from ImageMagick Open Source. It can read, convert or write images in a variety of formats. A security vulnerability exists in ImageMagick versions prior to 6.9.13-28 and 7.1.2-2, which stems from improper handling of geometric strin...

CVSS 7.5 | AI score 7.1 | EPSS 0.00858
Exploits: 1 | References: 7

Tenable Nessus
added 2025/08/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-7653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject...

CVSS 5.3 | AI score 6.3 | EPSS 0.01454
Exploits: 0 | References: 2

CVE
added 2025/08/22 4:0 p.m. | 24 views

CVE-2025-38636

CVE-2025-38636 : Linux kernel vulnerability in DA monitor tracepoints where tracing printed strings could read 32 bytes from a literal __array instead of __string, causing a global-out-of-bounds access to automaton_snep (harmless during print, but unsafe). The fix replaces reading 32 bytes with _...

CVSS 7.1 | AI score 6.5 | EPSS 0.00139
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2025/08/20 4:15 p.m. | 3 views

CVE-2011-10029

Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the output1 function of sfsservice.exe. This results in a denial of service (DoS) condition...

CVSS 8.7 | EPSS 0.00675
Exploits: 0 | References: 5

ATTACKERKB
added 2025/08/20 3:40 p.m. | 4 views

CVE-2011-10029

Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the output1 function of sfsservice.exe. This results in a denial of service (DoS) condition...

CVSS 8.7 | AI score 5.8 | EPSS 0.00675
Exploits: 0 | References: 5

Cvelist
added 2025/08/20 3:40 p.m. | 9 views

CVE-2011-10029 Solar FTP Server <= 2.1.1 Malformed USER Denial of Service

Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the output1 function of sfsservice.exe. This results in a denial of service (DoS) condition...

CVSS 8.7 | EPSS 0.00675
Exploits: 0 | References: 5

Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-27457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457) Note that...

CVSS 7.5 | AI score 7.6 | EPSS 0.01584
Exploits: 1 | References: 2

CNNVD
added 2025/08/20 12:0 a.m. | 2 views

Flexbyte Solar FTP Server Security Vulnerability

Flexbyte Solar FTP Server is an FTP service from Flexbyte, Inc. A security vulnerability exists in Flexbyte Solar FTP Server that stems from improper handling of format strings when processing USER commands, which could lead to a denial of service...

CVSS 8.7 | AI score 6.4 | EPSS 0.00675
Exploits: 0 | References: 8

Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-9438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule involving hex strings...

CVSS 7.5 | AI score 7.1 | EPSS 0.0257
Exploits: 0 | References: 2

OSV
added 2025/08/16 12:15 p.m. | 1 view

DEBIAN-CVE-2025-38528

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers. static const char fmt[] = "%p%"; bpf_trace_printk(fmt, sizeof(fmt)); The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

CVSS 5.5 | AI score 5.3 | EPSS 0.00146
Exploits: 0 | References: 1