ALSA-2025:4263 Moderate: php:8.1 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

CVE-2025-27309

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeannot Muller flickr-slideshow-wrapper flickr-slideshow-wrapper allows Stored XSS.This issue affects flickr-slideshow-wrapper: from n/a through = 5.4.6...

Malicious code in @sporta-technology/d11-web-components.bit-theme-wrapper (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2025-27309

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeannot Muller flickr-slideshow-wrapper flickr-slideshow-wrapper allows Stored XSS.This issue affects flickr-slideshow-wrapper: from n/a through = 5.4.6...

CVE-2025-27309 WordPress flickr-slideshow-wrapper Plugin <= 5.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeannot Muller flickr-slideshow-wrapper flickr-slideshow-wrapper allows Stored XSS.This issue affects flickr-slideshow-wrapper: from n/a through = 5.4.6...

CVE-2025-27309

CVE-2025-27309 concerns WordPress plugin flickr-slideshow-wrapper (

PT-2025-17064 · Unknown · Flickr-Slideshow-Wrapper

Name of the Vulnerable Software and Affected Versions: flickr-slideshow-wrapper versions through 5.4.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

WordPress plugin flickr-slideshow-wrapper 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Server-side Request Forgery (SSRF)

Overview agpt is an An open-source attempt to make GPT-4 autonomous Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the requests wrapper. An attacker can manipulate the request process to access unauthorized data or interact with internal services by...

CVE-2025-31490 AutoGPT allows SSRF due to DNS Rebinding in requests wrapper

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardenin...

CVE-2025-31490 AutoGPT allows SSRF due to DNS Rebinding in requests wrapper

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardenin...

AutoGPT 代码问题漏洞

AutoGPT is a tool from AutoGPT Open Source. Used to enable everyone to use and build accessible AI. A code issue vulnerability exists in versions of AutoGPT prior to 0.6.1 that stems from a DNS rebinding issue in the request wrapper, which could lead to server-side request forgery...

Moodle 4.3.x < 4.3.5 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...

Moodle 4.1.x < 4.1.11 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...

Moodle 4.2.x < 4.2.8 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...

Streams HTTP wrapper does not fail for headers with invalid name and no colon

...

Stream HTTP wrapper truncates redirect location to 1024 bytes

...

Header parser of http stream wrapper does not handle folded headers

...

Stream HTTP wrapper header check might omit basic auth header

...

Important: php8.3

Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 https://www.tenable.com/cve/CVE-2024-11235 Version This vulnerability is present only in PHP 8.3+. The PHP 8.2 and versions before are not impacted. CVE-2024-11235 Header parser of http stream wrapper doe...