Lucene search

4578 matches found

Cvelist
added 2025/04/24 4:8 p.m. · 11 views

CVE-2025-39381 WordPress KiotViet Sync plugin <= 1.8.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4...

CVSS 7.1 · EPSS 0.00102
Exploits 0 · References 1
Positive Technologies
added 2025/04/24 12:0 a.m. · 3 views

PT-2025-17746 · Unknown · Kiotviet Sync

Name of the Vulnerable Software and Affected Versions: KiotViet Sync versions 1.8.4 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...

CVSS 7.1 · AI score 7.5 · EPSS 0.00102
Exploits 0 · References 3
CNNVD
added 2025/04/24 12:0 a.m. · 2 views

WordPress plugin Kiotviet KiotViet Sync cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

CVSS 7.1 · AI score 7.1 · EPSS 0.00102
Exploits 0 · References 1
NVD
added 2025/04/21 1:15 p.m. · 12 views

CVE-2025-32408

In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled...

CVSS 2.5 · EPSS 0.00068
Exploits 0 · References 1
CVE
added 2025/04/21 12:0 a.m. · 80 views

CVE-2025-32408

CVE-2025-32408 affects Soffid Console prior to 3.6.32 (specifically 3.6.31 and earlier). The root cause is mishandled authorization to use the PAM service, as described in multiple sources. The base CVSS score is low (2.5, LOCAL access, high attack complexity, no user interaction). Red Hat and ot...

CVSS 2.5 · AI score 3.7 · EPSS 0.00068
Exploits 0 · References 1
Vulnrichment
added 2025/04/21 12:0 a.m. · 6 views

CVE-2025-32408

In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled...

CVSS 2.5 · AI score 5.9 · EPSS 0.00068
Exploits 0 · References 1
Citrix
added 2025/04/20 12:0 a.m. · 12 views

SecureMail WorxMail for iOS unable to sync with Exchange

We are currently experiencing an issue affecting access to Secure Mail on iOS devices. Users are getting an error from SecureMail "Access to your company network is not currently available" SecureMail logs ======================== " 2025-04-20T01:15:42.139+0300 ",SecureMail,ERROR...

AI score 6.8
Exploits 0
Patchstack
added 2025/04/18 1:50 p.m. · 3 views

WordPress KiotViet Sync plugin <= 1.8.5 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin KiotViet Sync (versions <= 1.8.5)...

CVSS 7.1 · AI score 7.5 · EPSS 0.00102
Exploits 0 · Affected Software 1
NVD
added 2025/04/17 4:15 p.m. · 2 views

CVE-2025-32573

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync allows SQL Injection. This issue affects KiotViet Sync: from n/a through 1.8.3...

CVSS 8.5 · EPSS 0.00353
Exploits 0 · References 1
Cvelist
added 2025/04/17 3:47 p.m. · 8 views

CVE-2025-32573 WordPress KiotViet Sync Plugin <= 1.8.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync allows SQL Injection. This issue affects KiotViet Sync: from n/a through 1.8.3...

CVSS 8.5 · EPSS 0.00353
Exploits 0 · References 1
CVE
added 2025/04/17 3:47 p.m. · 43 views

CVE-2025-32573

KiotViet Sync WordPress plugin suffers an SQL Injection (CVE-2025-32573) due to improper neutralization of special elements in SQL commands. Affected: KiotViet Sync versions up to 1.8.3 (per CVE details); patched in 1.8.4+ per PatchStack entry. Impact: potential unauthorized data access/manipulat...

CVSS 8.5 · AI score 8.9 · EPSS 0.00353
Exploits 0 · References 1
Positive Technologies
added 2025/04/17 12:0 a.m. · 2 views

PT-2025-17122 · Unknown · Kiotviet Sync

Name of the Vulnerable Software and Affected Versions: KiotViet Sync versions 1.8.3 and earlier. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: Fo...

CVSS 8.5 · AI score 9.1 · EPSS 0.00353
Exploits 0 · References 3
CNNVD
added 2025/04/17 12:0 a.m. · 3 views

WordPress plugin KiotViet Sync SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A SQL injection...

CVSS 8.5 · AI score 9.1 · EPSS 0.00353
Exploits 0 · References 1
Positive Technologies
added 2025/04/16 12:0 a.m. · 3 views

PT-2025-38566

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a use-after-free issue within the ptp ocp watchdog function. The ptp ocp detach function only shuts down the watchdog timer if it is pending. If the timer handl...

CVSS 7.8 · AI score 6.2 · EPSS 0.00049
Exploits 0 · References 307
Patchstack
added 2025/04/15 7:15 p.m. · 3 views

WordPress KiotViet Sync Plugin <= 1.8.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Le Ngoc Anh in WordPress Plugin KiotViet Sync (versions <= 1.8.4)...

CVSS 8.5 · AI score 9.1 · EPSS 0.00353
Exploits 0 · Affected Software 1
SUSE Linux
added 2025/04/14 10:37 a.m. · 10 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF bsc1237918. CVE-2022-49465: blk-throttle: Set BIOTHROTTLED when bio has been throttled bsc1238919...

CVSS 8.5 · AI score 8.1 · EPSS 0.9427
Exploits 27 · References 2556
RedhatCVE
added 2025/04/13 9:32 a.m. · 24 views

CVE-2025-32579

Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server. This issue affects Sync Posts: from n/a through <= 1.0...

CVSS 9.9 · AI score 7.2 · EPSS 0.00267
Exploits 1 · References 1
RedhatCVE
added 2025/04/13 9:23 a.m. · 7 views

CVE-2025-32524

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online myworks-woo-sync-for-quickbooks-online allows Reflected XSS. This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a throug...

CVSS 7.1 · AI score 7.2 · EPSS 0.00669
Exploits 0 · References 1
RedhatCVE
added 2025/04/13 8:53 a.m. · 5 views

CVE-2025-31599

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection. This issue affects Bulk Product Sync: from n/a through <= 8.6...

CVSS 9.3 · AI score 7.3 · EPSS 0.00445
Exploits 0 · References 1
NVD
added 2025/04/11 9:15 a.m. · 11 views

CVE-2025-32579

Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server. This issue affects Sync Posts: from n/a through <= 1.0...

CVSS 9.9 · EPSS 0.00267
Exploits 1 · References 1