
1270 matches found

Patchstack
added 2025/03/26 7:1 p.m., 5 views

WordPress Product Import Export for WooCommerce plugin <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function vulnerability

Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function vulnerability discovered by HayMiz in WordPress Plugin Product Import Export for WooCommerce versions <= 2.5.0...

7.6 CVSS, 7.1 AI score, 0.00329 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/03/26 11:55 a.m., 10 views

CVE-2025-1912 Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file Function. This makes it possible for authenticated attackers, with Administrator-level...

7.6 CVSS, 0.00329 EPSS
Exploits: 0, References: 4
CNNVD
added 2025/03/26 12:0 a.m., 3 views

WordPress plugin Product Import Export for WooCommerce code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

7.6 CVSS, 8.6 AI score, 0.00329 EPSS
Exploits: 0, References: 4
OSV
added 2025/03/20 12:15 p.m., 3 views

CVE-2024-13923

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...

6.5 CVSS, 5.8 AI score, 0.00338 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/03/20 11:11 a.m., 14 views

CVE-2024-13923 Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...

7.6 CVSS, 0.00338 EPSS
Exploits: 0, References: 4
CVE
added 2025/03/20 11:11 a.m., 65 views

CVE-2024-13923

CVE-2024-13923: The Order Export & Order Import for WooCommerce WordPress plugin is vulnerable to Server-Side Request Forgery via the validate_file() function in all versions up to and including 2.6.0. Exploitation requires authenticated Administrator-level access or higher and allows web reques...

7.6 CVSS, 7.2 AI score, 0.00338 EPSS
Exploits: 0, References: 4, Affected Software: 1
BDU FSTEC
added 2025/03/12 12:0 a.m., 3 views

Vulnerability of the null_validate_conf() function (drivers/block/null_blk/main.c) in the Linux operating system kernel, allowing a hacker to trigger a service failure

The vulnerability of the null_validate_conf() function (drivers/block/null_blk/main.c) in the Linux kernel is related to pointer dereferencing. Exploiting this vulnerability could allow an attacker to cause a service failure...

4.4 CVSS, 6.5 AI score, 0.00225 EPSS
Exploits: 0, References: 15, Affected Software: 6
SUSE CVE
added 2025/02/28 2:22 a.m., 1 views

SUSE CVE-2025-21711

In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt(). In case of possible unpredictably large arguments passed to rose_setsockopt() and multiplied by extra values on top of that, integer overflows may occur. Do the safest minimum an...

6.6 CVSS, 7.8 AI score, 0.00207 EPSS
Exploits: 0, References: 13
SUSE CVE
added 2025/02/27 3:12 a.m., 2 views

SUSE CVE-2022-49069

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw. [Why] Below general protection fault observed when WebGL Aquarium is run for longer duration. If drm debug logs are enabled and set to 0x1f then the issue is...

5.5 CVSS, 6.5 AI score, 0.00239 EPSS
Exploits: 0, References: 3
SUSE CVE
added 2025/02/27 3:3 a.m., 1 views

SUSE CVE-2022-49674

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array. On dm-raid table load (using raid_ctr), dm-raid allocates an array rs->devs[rs->raid_disks] for the raid device members. rs->raid_disks is defined by the number of raid metadata and ima...

5.5 CVSS, 6.6 AI score, 0.00277 EPSS
Exploits: 0, References: 10
OSV
added 2025/02/27 2:15 a.m., 2 views

AZL-58005 CVE-2025-21711 affecting package kernel for versions less than 5.15.179.1-1

In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt(). In case of possible unpredictably large arguments passed to rose_setsockopt() and multiplied by extra values on top of that, integer overflows may occur. Do the safest minimum an...

5.5 CVSS, 6.7 AI score, 0.00207 EPSS
Exploits: 0, References: 1
OSV
added 2025/02/26 7:1 a.m., 1 views

UBUNTU-CVE-2022-49674

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array. On dm-raid table load (using raid_ctr), dm-raid allocates an array rs->devs[rs->raid_disks] for the raid device members. rs->raid_disks is defined by the number of raid metadata and ima...

7.1 CVSS, 6.2 AI score, 0.00277 EPSS
Exploits: 0, References: 10
Cvelist
added 2025/02/26 1:54 a.m., 22 views

CVE-2021-47649 udmabuf: validate ubuf->pagecount

In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf->pagecount. Syzbot has reported GPF in sg_alloc_append_table_from_pages(). The problem was in ubuf->pages == ZERO_PTR. ubuf->pagecount is calculated from arguments passed from user-space. If user creates udmabuf with...

0.00227 EPSS
Exploits: 0, References: 6
Github Security Blog
added 2025/02/19 5:46 p.m., 15 views

Directus allows updates to non-allowed fields due to overlapping policies

Summary: If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for, the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...

5.4 CVSS, 6.9 AI score, 0.0022 EPSS
Exploits: 0, References: 5, Affected Software: 2
OSV
added 2025/02/19 5:46 p.m., 1 views

GHSA-99VM-5V2H-H6R6 Directus allows updates to non-allowed fields due to overlapping policies

Summary: If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for, the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...

5.4 CVSS, 5.9 AI score, 0.0022 EPSS
Exploits: 0, References: 5
OSSF Malicious Packages
added 2025/02/19 7:19 a.m., 3 views

Malicious code in jquery.validate.additional-methods-br (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38146e8961491ebc882527395be69e281eeb62c0a44bba6abe87a8c037614c59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3
OSV
added 2025/02/19 7:19 a.m., 2 views

MAL-2025-1488 Malicious code in jquery.validate.additional-methods-br (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38146e8961491ebc882527395be69e281eeb62c0a44bba6abe87a8c037614c59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 3
CNVD
added 2025/02/18 12:0 a.m., 3 views

CMSimple has an unspecified vulnerability

CMSimple is a free content management system. An unspecified vulnerability exists in CMSimple, which can be exploited by an attacker to obtain sensitive information via a carefully crafted script that can be used to validate link functionality...

7.5 CVSS, 6.3 AI score, 0.00536 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/02/14 7:25 a.m., 13 views

CVE-2025-1094

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

8.1 CVSS, 8.6 AI score, 0.89472 EPSS
Exploits: 14, References: 6
Photon
added 2025/02/07 12:0 a.m., 6 views

Important Photon OS Security Update - PHSA-2025-4.0-0751

Updates of 'perl-Data-Validate-IP' packages of Photon OS have been released...

7.5 CVSS, 10 AI score, 0.02191 EPSS
Exploits: 1