PT-2025-51860

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

CVE-2025-62738 WordPress Formstack Online Forms plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...

CVE-2025-12392 Cryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status Update

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleoptinoptout' function in all versions up to, and including, 2.0.25. This makes it possible for unauthenticated attackers to op...

CVE-2025-62009

Cross-Site Request Forgery CSRF vulnerability in Dmitry V. CEO of "UKR Solution" UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery.This issue affects UPC/EAN/GTIN Code Generator: from n/a through = 2.0.2...

Amazon Linux 2 : sox, --advisory ALAS2-2025-3032 (ALAS-2025-3032)

The version of sox installed on the remote host is prior to 14.4.1-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3032 advisory. A floating point exception divide-by-zero issue was discovered in SoX in functon startread of wav.c file. An attacker with a crafted w...

Linux Distros Unpatched Vulnerability : CVE-2022-50544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: host: xhci: Fix potential memory leak in xhciallocstreaminfo xhciallocstreaminfo allocates stream context array for streaminfo -streamctxarray with...

CVE-2025-47213

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-57906 WordPress Epeken All Kurir plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS.This issue affects Epeken All Kurir: from n/a through = 2.0.6...

PT-2025-38800

Name of the Vulnerable Software and Affected Versions Glen Scott Plugin Security Scanner versions through 2.0.2 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scrip...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

Honeywell Experion PKS 安全漏洞

Honeywell Experion PKS is a process automation system from Honeywell USA. A security vulnerability exists in Honeywell Experion PKS versions 520.1 to 520.2 TCU9 and 530 to 530 TCU3, which stems from uninitialized variables and could result in a denial of service...

CVE-2023-5218

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

CVE-2022-28444

UCMS v1.6 was discovered to contain an arbitrary file read vulnerability...

CVE-2022-45969

Alist v3.4.0 is vulnerable to Directory Traversal,...

CVE-2022-40690

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...

WordPress Order Delivery Date Pro for WooCommerce plugin < 12.4.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Order Delivery Date for WP e-Commerce versions 12.4.0...

redis:6 security update

6.2.18-1.0.1 - Build with 64k pages to support redis on both UEK6 and UEK7 on aarch64 6.2.18-1 - rebase to 6.2.18 for CVE-2025-21605...

CVE-2025-22026

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svcprocregister Currently, nfsdprocstatinit ignores the return value of svcprocregister. If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix...

Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass

Exploit Title: Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass Date: 2022-10-10 Exploit Author: Zach Hanley, SC Vendor Homepage: https://www.fortinet.com Version: 7.0.0 Tested on: Linux CVE : CVE-2022-40684 This module requires Metasploit:...