PT-2025-47677

The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image height' and 'image width' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

Revive Adserver: Username Validation Bypass

Cricetinae Executive Summary The security patch in commit d239a0845e4f64fbacd25fff2854426734d43aa2 is INSUFFICIENT. Testing confirms that 3 out of 4 exploit vectors still bypass validation. --- Vulnerability Details Affected Component: Username validation in user registration/creation File:...

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial of Service DoS. The vulnerability is due to unsigned integer underflow and division-by-zero conditions in the CLAHEImage function when tile width or height is zero, which allows an attacker to trigger out-of-bounds memory access or application crashes by...

pwm: berlin: Fix wrong register in suspend/resume

...

SUSE CVE-2025-40165

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usagecount will never reach zero and the ISI channel...

CVE-2025-40165

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usagecount will never reach zero and the ISI channel...

CVE-2025-40165

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usagecount will never reach zero and the ISI channel...

CVE-2025-40165 media: nxp: imx8-isi: m2m: Fix streaming cleanup on release

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usagecount will never reach zero and the ISI channel...

CVE-2025-40165

CVE-2025-40165 concerns the Linux kernel driver media: nxp: imx8-isi for M2M streaming. If streamon/streamoff calls are imbalanced (e.g., exiting with Ctrl+C), m2m usage_count may not drop to zero and the ISI channel may not be freed, with an additional WARN_ON triggered when input width exceeds ...

CVE-2025-11860

The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...

kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject mismatching sum of fieldlen with set key length The field length description provides the length of each separated key field in the concatenation, each field gets rounded up to 32-bits to calculate the...

kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject mismatching sum of fieldlen with set key length The field length description provides the length of each separated key field in the concatenation, each field gets rounded up to 32-bits to calculate the...

CVE-2025-11860 Twitter Feed <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...

WordPress plugin Twitter Feed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

PT-2025-46257

Name of the Vulnerable Software and Affected Versions Twitter Feed plugin for WordPress versions up to and including 1.3.1 Description The Twitter Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'ottwitter feed' shortcode. This occurs because the plugin does no...

PT-2025-48986

Name of the Vulnerable Software and Affected Versions Qt versions 5.0.0 through 6.5.10 Qt versions 6.6.0 through 6.8.5 Qt versions 6.9.0 through 6.10.0 Description A flaw exists in Qt’s Text component that involves improper validation of the width and height specified in the tag. This can lead to...

ImageMagick < 7.1.2-8 DoS (GHSA-wpp4-vqfq-v4hp)

The remote host has a version of ImageMagick installed that is prior to prior to 7.1.2-8. It is, therefore, affected by denial of service vulnerability as referenced in GHSA-wpp4-vqfq-v4hp advisory. - ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick...

GHSA-WPP4-VQFQ-V4HP ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)

Summary A single root cause in the CLAHE implementation — tile width/height becoming zero — produces two distinct but related unsafe behaviors. Vulnerabilities exists in the CLAHEImage function of ImageMagick’s MagickCore/enhance.c. 1. Unsigned integer underflow → out-of-bounds pointer arithmetic...

UBUNTU-CVE-2025-62594

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow...

CVE-2025-62594 ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow...