13237 matches found
CVE-2025-12360 Better Find and Replace <= 1.7.7 - Missing Authorization
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12360
CVE-2025-12360 affects the WordPress plugin Better Find and Replace – AI-Powered Suggestions. The vulnerability is a missing capability check in the rtafar_ajax() handler, present in all versions up to and including 1.7.7. As a result, authenticated attackers with Subscriber-level access can tri...
Security Bulletin: Due to use of Axios, IBM watsonx Code Assistant IDE Extensions is affected by unbounded memory and denial of service
Summary Axios is used internally by IBM watsonx Code Assistant IDE Extensions CVE-2025-58754 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL...
lakeFS Security Vulnerability
lakeFS is an open source tool from Treeverse Open Source that converts your object store into a Git-like repository. A security vulnerability exists in lakeFS 1.69.0 and earlier versions, which stems from a lack of authentication in the /api/v1/usage-report/summary endpoint that could lead to the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990639)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990639 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlan_route_v6_outbound helper Inspired by syzbot reports using a stack of multiple...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990455)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990455 advisory. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy to prevent buffer overflow Coverity complains of a possible...
Malicious Package
Overview vite-smart-chunk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview tailwindcss-setgrids is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview monobing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview @isv-occ-payment/occ-payment-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...
Malicious Package
Overview @bbkkfkk/pre is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990301)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990301 advisory. In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989410)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989410 advisory. In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989173)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989173 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix PM usagecount for console handover When console is enabled, univ8250consolesetu...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990107)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990107 advisory. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy to prevent buffer overflow Coverity complains of a possible...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988852)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988852 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: don't use devres for mdiobus As explained in commits: 74b6d7d13307 net: dsa:...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990359)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990359 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field s...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989791)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989791 advisory. In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release The drvdata is not available in release. Let's just use...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989438)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989438 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix errorstateread ptr + offset use Fix our pointer offset usage in errorstaterea...