CVE-2025-43529

A flaw was found in webkitgtk where when processing a maliciously crafted web content a use-after-free type of weaknesses may be triggered leading to a remote code execution in the client machine. Mitigation To mitigate this issue, avoid processing untrusted web content. Additionally, disabling t...

Random Coding for Long-Range Continuous-Variable QKD

Quantum Key Distribution QKD schemes are key exchange protocols based on the physical properties of quantum channels. They avoid the computational-hardness assumptions that underlie the security of classical key exchange. Continuous-Variable QKD CVQKD, in contrast to qubit-based discrete-variable...

CVE-2025-65233

Reflected cross-site scripting XSS in SLiMS slims9bulian before 9.6.0 via improper handling of $SERVER'PHPSELF' in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

CVE-2025-65233

Reflected cross-site scripting XSS in SLiMS slims9bulian before 9.6.0 via improper handling of $SERVER'PHPSELF' in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

PT-2025-51876

Name of the Vulnerable Software and Affected Versions SLiMS slims9 bulian versions prior to 9.6.0 Description The software contains a reflected cross-site scripting XSS issue due to improper handling of the $ SERVER'PHP SELF' variable in the index.php/sysconfig.inc.php file. This allows a remote...

Fickling has Code Injection vulnerability via pty.spawn()

Fickling Assessment Based on the test case provided in the original report below, this bypass was caused by pty missing from our block list of unsafe module imports as previously documented in 108, rather than the unused variable heuristic. This led to unsafe pickles based on pty.spawn being...

CVE-2025-67900

NXLog Agent before 6.11 can load a file specified by the OPENSSLCONF environment variable...

EUVD-2025-203315

NXLog Agent before 6.11 can load a file specified by the OPENSSLCONF environment variable...

CVE-2025-67900

NXLog Agent before 6.11 can load a file specified by the OPENSSLCONF environment variable...

CVE-2025-67900

NXLog Agent before 6.11 can load a file specified by the OPENSSLCONF environment variable...

CVE-2025-67900

NXLog Agent before 6.11 is affected by a vulnerability where the process can load a file specified by the OPENSSL_CONF environment variable. This allows manipulation of the OpenSSL configuration, with potential impact on cryptographic operations. Affected product: NXLog Agent; vulnerable version(...

CVE-2025-67900

NXLog Agent before 6.11 can load a file specified by the OPENSSLCONF environment variable...

NXLog Agent 安全漏洞

NXLog Agent is a log management software from NXLog USA. A security vulnerability exists in NXLog Agent versions prior to 6.11, which originates from a file specified by the loadable OPENSSLCONF environment variable...

PT-2025-51178

Name of the Vulnerable Software and Affected Versions NXLog Agent versions prior to 6.11 Description NXLog Agent versions before 6.11 are susceptible to a local issue that allows attackers to manipulate the OpenSSL configuration. The issue involves the loading of a file specified by the OPENSSL...

Command Injection

sqls-server/sqls is vulnerable to Command Injection. The vulnerability is due to improper sanitization of the EDITOR environment variable and config file path in the openEditor function, which allows an attacker to execute arbitrary commands through crafted input passed to sh -c...

CVE-2025-14125

The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-14138

The WPLG Default Mail From plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-14132

The Category Dropdown List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-14129

The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-14137

The Simple AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...