Lucene search

1279 matches found

OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-20547 Malicious code in file-load-validate-cat-decode (npm)

The package file-load-validate-cat-decode was found to contain malicious code...

7.2 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 4 views

Malicious code in deploy-validate-execute-moon-protected (npm)

The package deploy-validate-execute-moon-protected was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-38050 Malicious code in validate-air-cron-zero-moon (npm)

The package validate-air-cron-zero-moon was found to contain malicious code...

7.2 AI score
Exploits: 0

RedhatCVE
added 2025/08/14 3:22 a.m. · 10 views

CVE-2025-4390

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of restricted...

5.3 CVSS · 7 AI score · 0.00307 EPSS
Exploits: 0 · References: 1

Snyk
added 2025/08/14 12:5 a.m. · 3 views

Use of Uninitialized Resource

Overview: helm.sh/helm/pkg/chartutil is a package that contains tools for working with charts. Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by...

7.1 CVSS · 6.9 AI score · 0.00311 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/08/12 2:24 a.m. · 7 views

CVE-2025-4390 WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of restricted...

5.3 CVSS · 0.00307 EPSS
Exploits: 0 · References: 3

CVE
added 2025/08/12 2:24 a.m. · 41 views

CVE-2025-4390

CVE-2025-4390 affects the WordPress plugin WP Private Content Plus (versions up to 3.6.2). The vulnerability is a Sensitive Information Exposure via the validate_restrictions function, allowing unauthenticated attackers to extract sensitive data, including restricted posts on archive and feed pag...

5.3 CVSS · 6.8 AI score · 0.00307 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2025/08/12 2:24 a.m. · 3 views

CVE-2025-4390 WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of restricted...

5.3 CVSS · 6.9 AI score · 0.00307 EPSS
Exploits: 0 · References: 3

OSV
added 2025/08/11 1:53 p.m. · 3 views

BIT-LIBPHP-2021-21708 UAF due to php_filter_float() failing

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in...

9.8 CVSS · 6.9 AI score · 0.03002 EPSS
Exploits: 1 · References: 4

Tenable Nessus
added 2025/08/09 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-22001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req These are u64 variables that come from t...

5.5 CVSS · 6.2 AI score · 0.00164 EPSS
Exploits: 0 · References: 2

BDU FSTEC
added 2025/07/28 12:0 a.m. · 4 views

The vulnerability of the `create_validate_stream_for_sink()` function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the create_validate_stream_for_sink function in the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS · 6.2 AI score · 0.00155 EPSS
Exploits: 0 · References: 8 · Affected Software: 4

OSV
added 2025/07/25 1:15 p.m. · 3 views

UBUNTU-CVE-2025-38366

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of "num_cpu" from user space The maximum supported cpu number is EIOINTC_ROUTE_MAX_VCPUS about irqchip EIOINTC, here add validation about cpu number to avoid array pointer overflow...

7.8 CVSS · 5.8 AI score · 0.00145 EPSS
Exploits: 0 · References: 5

OSV
added 2025/07/25 12:47 p.m. · 5 views

CVE-2025-38366 LoongArch: KVM: Check validity of "num_cpu" from user space

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of "num_cpu" from user space The maximum supported cpu number is EIOINTC_ROUTE_MAX_VCPUS about irqchip EIOINTC, here add validation about cpu number to avoid array pointer overflow...

7.8 CVSS · 6.5 AI score · 0.00145 EPSS
Exploits: 0 · References: 5

CNNVD
added 2025/07/25 12:0 a.m. · 2 views

Salesforce Tableau Server Security Vulnerability

Salesforce Tableau Server is a data visualization and analytics platform from Salesforce, Inc. A security vulnerability exists in Salesforce Tableau Server versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19, which stems from insufficient validation of the validate-initial-sql...

8.1 CVSS · 6.3 AI score · 0.00335 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/21 12:0 a.m. · 4 views

PT-2025-30339 · Dippy · Dippy

Name of the Vulnerable Software and Affected Versions: Dippy version 2 Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in Dippy that allows attackers to gain sensitive information. The vulnerability is present in the conversation history API endpoint and is exploitable...

7.5 CVSS · 6.6 AI score · 0.00436 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2025/07/17 12:0 a.m. · 4 views

PT-2025-29936 · Unknown · Nbcio-Boot

Name of the Vulnerable Software and Affected Versions: nbcio-boot version 1.0.3 Description: nbcio-boot version 1.0.3 contains a SQL injection issue via the userIds parameter at the /sys/user/deleteRecycleBin API endpoint. Recommendations: nbcio-boot version 1.0.3: Sanitize or validate the userId...

9.8 CVSS · 7.2 AI score · 0.00331 EPSS
Exploits: 0 · References: 7

Packet Storm
added 2025/07/16 12:0 a.m. · 170 views

Langflow 1.2.x Remote Code Execution

Langflow exposes a vulnerable endpoint /api/v1/validate/code that improperly evaluates arbitrary Python code via the exec function. An unauthenticated remote attacker can execute arbitrary system commands. Versions 1.2.x and below are affected. !/usr/bin/env python3 Exploit Title: Langflow 1.2.x ...

9.8 CVSS · 8.3 AI score · 0.99959 EPSS
Exploits: 33

Positive Technologies
added 2025/07/13 12:0 a.m. · 12 views

PT-2025-29391 · Unknown · Campcodes Online Movie Theater Seat Reservation System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Movie Theater Seat Reservation System version 1.0 Description: A critical issue exists in Campcodes Online Movie Theater Seat Reservation System version 1.0. The save movie function within the /admin/admin class.php file is...

9.8 CVSS · 7.2 AI score · 0.00433 EPSS
Exploits: 1 · References: 10

OSV
added 2025/07/07 5:57 p.m. · 51 views

CVE-2025-53536 Roo Code allows Potential Remote Code Execution via .vscode/settings.json

Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...

8.1 CVSS · 7.8 AI score · 0.00656 EPSS
Exploits: 0 · References: 5

Debian CVE
added 2025/07/04 1:37 p.m. · 4 views

CVE-2025-38230

In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL,...

7.8 CVSS · 6.2 AI score · 0.00157 EPSS
Exploits: 0