WordPress LightPress Lightbox plugin < 2.3.4 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin WP jQuery Lightbox versions < 2.3.4...
PT-2025-20727 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version V15.03.06.46 Description: The issue is related to a Buffer Overflow in the formSetPPTPUserList handler. This occurs via the list POST parameter. Recommendations: For Tenda AC10 version V15.03.06.46, as a temporary workaroun...
PT-2025-20454
Name of the Vulnerable Software and Affected Versions WPBookit plugin for WordPress versions up to, and including, 1.0.2 Description The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover. This is due to the plugin not properly validating a user's identity...
PT-2025-20566
Name of the Vulnerable Software and Affected Versions Victure RX1800 version EN V1.0.0 r12 110933 Description The issue is related to a weak default password used by the Victure RX1800, which includes the last 8 digits of the MAC address. Recommendations For version EN V1.0.0 r12 110933, consider...
SUSE SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP5) (SUSE-SU-2025:1467-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1467-1 advisory. This update for the Linux Kernel 5.14.21-1505005588 fixes one issue. The following security issue was fixed: - CVE-2024-56650: netfilter: xtables: fix...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to bypass signature validation in XML data [CVE-2025-29774] [CVE-2025-29775]
Summary Node.js module xml-crypto is used by IBM App Connect Enterprise Certified Container for handling XML data. IBM App Connect Enterprise Certified Container operands are vulnerable to signature validation bypass. This bulletin provides patch information to address the reported vulnerability ...
WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Job Portal versions <= 2.3.1...
CVE-2023-7303
CVE-2023-7303 affects the q2apro project, specifically the q2apro-on-site-notifications plugin up to version 1.4.6. The vulnerability resides in the process_request function of q2apro-onsitenotifications-page.php and enables cross-site scripting, with remote initiation possible. The advisory note...
ant bug fix update
An update is available for byte-buddy, jzlib, xerces-j2, xz-java, xml-commons-apis, jdepend, regexp, jakarta-mail, junit5, assertj-core, univocity-parsers, jakarta-oro, objectweb-asm, hamcrest, opentest4j, ant, antlr, apache-commons-logging, junit, xml-commons-resolver, jsch, bcel,...
WordPress Robo Gallery plugin <= 5.0.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Robo Gallery versions <= 5.0.2...
RockyLinux 8 : tuned (RLSA-2024:11161)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:11161 advisory. tuned: improper sanitization of instance_name parameter of the instance_create method (CVE-2024-52337) Tenable has extracted the preceding description block directly...
CVE-2025-46421 affecting package libsoup for versions less than 3.4.4-5
CVE-2025-46421 affecting package libsoup for versions less than 3.4.4-5. A patched version of the package is available...
PT-2025-19941 · Unknown · Golden Link Secondary System
Name of the Vulnerable Software and Affected Versions: Golden Link Secondary System up to 20250424 Description: A critical issue has been found in the Golden Link Secondary System, affecting some unknown processing of the file /reprotframework/tcEntrFlowSelect.htm. The manipulation of the...
CVE-2025-21981 affecting package kernel for versions less than 6.6.85.1-2
CVE-2025-21981 affecting package kernel for versions less than 6.6.85.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2025-46731 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI
Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contain a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOW_ADMIN_CHANGES must be enabled for this to work...
CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`
Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...
CVE-2024-50615 affecting package tinyxml2 for versions less than 9.0.0-2
CVE-2024-50615 affecting package tinyxml2 for versions less than 9.0.0-2. A patched version of the package is available...
CVE-2024-36899 affecting package kernel for versions less than 5.15.179.1-1
CVE-2024-36899 affecting package kernel for versions less than 5.15.179.1-1. A patched version of the package is available...
CVE-2024-57981 affecting package kernel for versions less than 5.15.179.1-1
CVE-2024-57981 affecting package kernel for versions less than 5.15.179.1-1. A patched version of the package is available...
CVE-2025-46332
Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior, as certain circumstances allow a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags...