2754 matches found

Patchstack
added 2025/04/25 12:00 a.m. · 4 views

WordPress EduMall Theme <= 4.2.4 is vulnerable to Local File Inclusion

Software: EduMall · Type: Theme · Vulnerable versions: <= 4.2.4 · Fixed in: 4.3.0 · OWASP Top 10: A1: Injection · Classification: Local File Inclusion · CVE: CVE-2025-2101 · Patch priority: High · CVSS severity: High 8.1 · PSID: ce27fee25f49 · Credits: Tonn · Required privilege: Unauthenticated · Published ...

CVSS 8.1 · AI score 6.8 · EPSS 0.00736
Exploits 0 · References 2 · Affected software 1
Positive Technologies
added 2025/04/25 12:00 a.m. · 4 views

PT-2025-17882 · WordPress · Prevent Direct Access – Protect Wordpress Files

Name of the Vulnerable Software and Affected Versions: Prevent Direct Access – Protect WordPress Files plugin versions 2.8.6 through 2.8.8.2
Description: The issue allows unauthorized access and modification of data due to a misconfigured capability check on the pda lite custom permission check...

CVSS 5.4 · AI score 6.1 · EPSS 0.00236
Exploits 0 · References 9
Vulnrichment
added 2025/04/24 8:49 p.m. · 6 views

CVE-2025-43861 ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes"...

CVSS 4.4 · AI score 5.8 · EPSS 0.00214
Exploits 1 · References 2
OSV
added 2025/04/24 6:04 p.m. · 13 views

CVE-2025-43858 YoutubeDLSharp allows command injection on Windows systems due to unsanitized arguments

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of malicious commands when starting yt-dlp from a command prompt running on Windows OS with...

CVSS 9.2 · AI score 7 · EPSS 0.00213
Exploits 0 · References 5
CVE
added 2025/04/23 3:27 p.m. · 65 views

CVE-2025-32968

The CVE-2025-32968 issue affects XWiki Platform (org.xwiki.platform:xwiki-platform-oldcore) where a user with SCRIPT right can escape the HQL context via the script query API and perform blind SQL injection. Affected versions span 1.6-milestone-1 up to but not including 15.10.16, 16.4.6, and 16.1...

CVSS 8.8 · AI score 7.8 · EPSS 0.00449
Exploits 1 · References 2 · Affected software 1
Vulnrichment
added 2025/04/22 5:32 p.m. · 3 views

CVE-2025-32952 io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

CVSS 6.5 · AI score 6.9 · EPSS 0.00541
Exploits 0 · References 9
Openbugbounty
added 2025/04/22 5:03 a.m. · 15 views

lanskallan.se Cross Site Scripting vulnerability OBB-4048096

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
Cvelist
added 2025/04/21 8:45 p.m. · 11 views

CVE-2025-32956 ManageWiki has SQL injection vulnerability in NamespaceMigrationJob

ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8 are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix namespace name, which is the current namespace you are renaming with an injection...

CVSS 8 · EPSS 0.00525
Exploits 1 · References 2
CVE
added 2025/04/21 8:45 p.m. · 46 views

CVE-2025-32956

Summary: CVE-2025-32956 affects the ManageWiki MediaWiki extension. The vulnerability is an SQL injection in NamespaceMigrationJob triggered when renaming a namespace in Special:ManageWiki/namespaces using a page prefix. The issue stems from unsanitized input in the namespace rename flow and has ...

CVSS 8 · AI score 8.1 · EPSS 0.00525
Exploits 1 · References 4 · Affected software 1
Positive Technologies
added 2025/04/19 12:00 a.m. · 3 views

PT-2025-17375 · Wcms · Wcms

Name of the Vulnerable Software and Affected Versions: WCMS version 11
Description: A critical vulnerability was found in WCMS 11, affecting an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the email/username argument leads to SQL injection. It is...

CVSS 9.8 · AI score 7.5 · EPSS 0.00412
Exploits 1 · References 13
Cvelist
added 2025/04/18 7:59 p.m. · 17 views

CVE-2025-32377 Rasa Pro Missing Authentication For Voice Connector APIs

Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors do not properly implement authentication even when a token is configured in the...

CVSS 6.5 · EPSS 0.00393
Exploits 0 · References 1
NVD
added 2025/04/18 4:15 p.m. · 16 views

CVE-2025-32442

Fastify is a fast and low-overhead web framework for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a slightly altered content type such as...

CVSS 7.5 · EPSS 0.00635
Exploits 1 · References 4
RedhatCVE
added 2025/04/17 9:10 p.m. · 11 views

CVE-2025-32778

Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...

CVSS 9.3 · AI score 8.3 · EPSS 0.19976
Exploits 4 · References 1
Positive Technologies
added 2025/04/17 12:00 a.m. · 2 views

PT-2025-18723 · Unknown · Pcman Ftp Server

Name of the Vulnerable Software and Affected Versions: PCMan FTP Server version 2.0.7
Description: A critical issue was found in the BELL Command Handler component of PCMan FTP Server, leading to a buffer overflow. This can be exploited remotely. The issue has been publicly disclosed and may be...

CVSS 9.8 · AI score 7.5 · EPSS 0.00596
Exploits 1 · References 13
Cvelist
added 2025/04/16 9:45 p.m. · 29 views

CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...

CVSS 3.1 · EPSS 0.00345
Exploits 1 · References 3
NVD
added 2025/04/16 3:15 p.m. · 7 views

CVE-2025-22038

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed. Accessing psid->sub_auth[psid->num_subauth - 1] without checking if num_subauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure num_subauth !...

CVSS 7.1 · EPSS 0.00224
Exploits 0 · References 7
CBLMariner
added 2025/04/16 3:08 p.m. · 6 views

CVE-2024-53259 affecting package coredns for versions less than 1.11.4-1

CVE-2024-53259 affecting package coredns for versions less than 1.11.4-1. A patched version of the package is available...

CVSS 6.5 · AI score 6.9 · EPSS 0.00596
Exploits 0
RedhatCVE
added 2025/04/16 2:44 p.m. · 11 views

CVE-2024-10089

Internet Starter, one of the SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for changing the user's data with a malicious script, which causes the script to run in the user's context. This vulnerability has...

CVSS 5.1 · AI score 5.3 · EPSS 0.00186
Exploits 0 · References 1
CVE
added 2025/04/16 2:12 p.m. · 121 views

CVE-2025-22073

CVE-2025-22073 concerns the Linux kernel spufs subsystem. The issue is a leak in spufs_new_file() on failure during spufs_fill_dir(), where the caller proceeds to spufs_rmdir() to clean up, but the resulting dentry remains negative and must be explicitly dropped. The vulnerability is resolved in ...

CVSS 5.5 · AI score 6.4 · EPSS 0.00174
Exploits 0 · References 10 · Affected software 1
Positive Technologies
added 2025/04/16 12:00 a.m. · 5 views

PT-2025-16788 · Wxwidgets +2 · Wxwidgets +2

Name of the Vulnerable Software and Affected Versions: wxWidgets versions prior to 3.2.7
Description: A crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.
Recommendations: For versions prior to 3.2.7, update to version 3.2.7 or later to resolve the issue...

CVSS 3.7 · AI score 7.2 · EPSS 0.00438
Exploits 0 · References 31