WordPress GB Forms DB plugin <= 1.0.2 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by CVEhunter in WordPress Plugin GB Forms DB versions <= 1.0.2...
CVE-2025-53632 Chall-Manager's scenario decoding process does not check for zip slips
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...
ALPINE-CVE-2024-42516
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...
CVE-2025-6442 affecting package ruby for versions less than 3.3.5-4
CVE-2025-6442 affecting package ruby for versions less than 3.3.5-4. A patched version of the package is available...
CVE-2025-22872 affecting package containerd2 for versions less than 2.0.0-9
CVE-2025-22872 affecting package containerd2 for versions less than 2.0.0-9. A patched version of the package is available...
CVE-2025-46836 affecting package net-tools for versions less than 2.10-4
CVE-2025-46836 affecting package net-tools for versions less than 2.10-4. A patched version of the package is available...
CVE-2021-44964 affecting package ntopng for versions less than 5.2.1-3
CVE-2021-44964 affecting package ntopng for versions less than 5.2.1-3. A patched version of the package is available...
CVE-2023-51258 affecting package yasm for versions less than 1.3.0-16
CVE-2023-51258 affecting package yasm for versions less than 1.3.0-16. A patched version of the package is available...
CVE-2024-35790 affecting package kernel for versions less than 5.15.184.1-1
CVE-2024-35790 affecting package kernel for versions less than 5.15.184.1-1. A patched version of the package is available...
CVE-2025-38348
The CVE-2025-38348 issue is in the Linux kernel wifi driver for the Intersil p54 interface. A malicious USB device could cause a buffer over-read in p54_rx_eeprom_readback() by tampering with the v1/v2 eeprom length fields, potentially crashing the host. A patch was applied to store the eeprom size in the...
CVE-2025-38278 octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback This patch addresses the issues below: 1. Active traffic on the leaf node must be stopped before its send queue is reassigned to the parent. This patch resolves the issue by marki...
PT-2025-28827
Name of the Vulnerable Software and Affected Versions: plan9port versions prior to 9da5b44 Description: A critical vulnerability exists in the edump function within the /src/plan9port/src/libsec/port/x509.c library. Manipulation of this function leads to a heap-based buffer overflow. The exploit...
apache2-mod_security2-2.9.11-1.1 on GA media (moderate)
apache2-mod_security2-2.9.11-1.1 on GA media Announcement ID: openSUSE-SU-2025:15313-1 Rating: moderate Cross-References: CVE-2025-52891 CVSS scores: CVE-2025-52891 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-52891 SUSE : 8.2...
CVE-2025-53106
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...
CVE-2025-38206 exfat: fix double free in delayed_free
In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table -> exfat_create_upcase_table : return error -> exfat_free_upcase_table : free ->vol_utbl -> exfat_load_default_upcase_table : return erro...
Cisco Issues Emergency Fix for Critical Root Credential Flaw in Unified CM
Cisco fixes a critical root credential vulnerability in Unified CM rated CVSS 10, urging users to patch now to stop remote admin takeovers...
PT-2025-27882 · Woocommerce · Zoomit Woocommerce Shop Page Builder
Name of the Vulnerable Software and Affected Versions: ZoomIt WooCommerce Shop Page Builder versions 2.27.7 and earlier Description: The issue is related to a Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder, which allows exploiting incorrectly configured access control...
CVE-2025-53367 DjVuLibre OOB-Write Vulnerability in MMRDecoder
DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer...
CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...
CVE-2025-27153
Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11...