2754 matches found
PT-2025-21765 · Unknown · Phpgurukul Human Metapneumovirus Testing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Human Metapneumovirus Testing Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /edit-phlebotomist.php. The manipulation of the mobilenumber argument lead...
PT-2025-21339 · Unknown · Projectworlds Online Examination System
Name of the Vulnerable Software and Affected Versions: ProjectWorlds Online Examination System version 1.0 Description: A critical issue has been identified, affecting the file /Procedure3b yearwiseVisit.php. The manipulation of the Visit year argument leads to SQL injection. This issue can be...
ManageEngine ADSelfService Plus < build 6514 SQLi
According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6514. It is, therefore, affected by an authenticated SQL injection vulnerability in the MFA reports. Note that Nessus has not tested for this issue but has instead...
10,000 WordPress Sites Affected by Remote Code Execution Vulnerability in UiPress lite WordPress Plugin
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On March 29th, 2025, we received a submission for a Remote Code Executio...
CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile EPMM software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below - CVE-2025-4427 CVSS score: 5.3 - An authentication bypass in Ivanti Endpoi...
PT-2025-21237 · Jenkins · Jenkins Openid Connect Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Connect Provider Plugin versions 96.vee8ed882ec4d and earlier Description: The issue concerns the generation of build ID Tokens, which uses potentially overridden values of environment variables. This can be exploited by...
PT-2025-21195 · Drupal · Enterprise Mfa - Tfa For Drupal
Name of the Vulnerable Software and Affected Versions: Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability in...
Alibaba Cloud Linux 3 : 0018: sqlite (ALINUX3-SA-2024:0018)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0018 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-7104: A vulnerability was found in SQLite...
Alibaba Cloud Linux 3 : 0056: patch (ALINUX3-SA-2022:0056)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0056 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-13636: In GNU patch through 2.7.6, the...
Alibaba Cloud Linux 3 : 0266: grafana-pcp (ALINUX3-SA-2024:0266)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0266 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-9355: A vulnerability was found in Golang...
Alibaba Cloud Linux 3 : 0146: expat (ALINUX3-SA-2024:0146)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0146 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-52425: libexpat through 2.5.0 allows a...
Alibaba Cloud Linux 3 : 0152: python-lxml (ALINUX3-SA-2023:0152)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0152 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-43818: lxml is a library for processing XM...
Alibaba Cloud Linux 3 : 0192: git-lfs (ALINUX3-SA-2024:0192)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0192 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-34156: Calling Decoder.Decode on a message...
Alibaba Cloud Linux 3 : 0052: c-ares (ALINUX3-SA-2023:0052)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0052 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-32067: c-ares is an asynchronous resolver...
CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...
2025-05 .NET 8.0.16 Security Update for x64 Client (KB5059200)
2025-05 .NET 8.0.16 Security Update for x64 Client KB5059200...
50,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Uncanny Automator WordPress Plugin
In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On April 26th, 2024, we received a submission for an authenticated PHP...
82,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in TheGem WordPress Theme
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On May 4th, 2025, we received a submission for an Arbitrary File Upload...