A new feature on the social media platform formerly known as Twitter allows users to see the location of other
Vulnerabilities
CVE-2020-36871 | ESCAM QD-900 WIFI HD Camera Endpoint backup.cgi missing authentication (EDB-48107)
A vulnerability was found in ESCAM QD-900 WIFI HD Camera. It has been rated as critical. This vulnerability affects unknown
CVE-2025-65670 | classroomio 0.1.13 resource injection
A vulnerability categorized as problematic has been discovered in classroomio 0.1.13. This issue affects some unknown processing. Such manipulation leads
CVE-2025-64331 | OISF Suricata up to 7.0.12/8.0.1 HTTP File Transfer stack-based overflow (GHSA-v32w-j79x-pfj2)
A vulnerability identified as critical has been detected in OISF Suricata up to 7.0.12/8.0.1. Impacted is an unknown function of
CVE-2025-64344 | OISF Suricata up to 7.0.12/8.0.1 HTTP Response stack-based overflow (GHSA-93fh-cgmc-w3rx)
A vulnerability labeled as critical has been found in OISF Suricata up to 7.0.12/8.0.1. The affected element is an unknown
CVE-2025-64333 | OISF Suricata up to 7.0.12/8.0.1 HTTP Content Type stack-based overflow (GHSA-537h-xxmx-v87m)
A vulnerability marked as critical has been reported in OISF Suricata up to 7.0.12/8.0.1. The impacted element is an unknown
CVE-2025-40934 | TIMLEGGE XML::Sig up to 0.67 on Perl signature verification (Issue 63)
A vulnerability described as problematic has been identified in TIMLEGGE XML::Sig up to 0.67 on Perl. This affects an unknown
CVE-2025-64334 | OISF Suricata up to 8.0.1 Decompression allocation of resources (GHSA-r5jf-v2gx-gx8w)
A vulnerability classified as problematic has been found in OISF Suricata up to 8.0.1. This impacts an unknown function of
CVE-2020-36872 | BACnet Test Server up to 1.01 Packet resource consumption (ID 159504 / EDB-48860)
A vulnerability classified as problematic was found in BACnet Test Server up to 1.01. Affected is an unknown function of
CVE-2025-66030 | digitalbazaar forge up to 1.3.1 integer overflow (GHSA-65ch-62r8-g69g)
A vulnerability, which was classified as problematic, has been found in digitalbazaar forge up to 1.3.1. Affected by this vulnerability
CVE-2025-66031 | digitalbazaar forge up to 1.3.1 recursion (GHSA-554w-wpv2-vw27)
A vulnerability, which was classified as problematic, was found in digitalbazaar forge up to 1.3.1. Affected by this issue is
CVE-2025-12571 | GitLab Community Edition/Enterprise Edition up to 18.4.4/18.5.2/18.6.0 Requests allocation of resources (Issue 579168)
A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 18.4.4/18.5.2/18.6.0 and classified as problematic. This
CVE-2025-12653 | GitLab Community Edition/Enterprise Edition up to 18.4.4/18.5.2/18.6.0 authentication spoofing (Issue 579372)
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.4.4/18.5.2/18.6.0 and classified as critical. This vulnerability
CVE-2025-13611 | GitLab Community Edition/Enterprise Edition up to 18.4.4/18.5.2/18.6.0 log file (Issue 545947)
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.4.4/18.5.2/18.6.0. It has been classified as problematic.
CVE-2025-6195 | GitLab Enterprise Edition up to 18.4.4/18.5.2/18.6.0 direct request (Issue 549937)
A vulnerability was found in GitLab Enterprise Edition up to 18.4.4/18.5.2/18.6.0. It has been declared as problematic. Impacted is an
CVE-2025-7449 | GitLab Community Edition/Enterprise Edition up to 18.4.4/18.5.2/18.6.0 HTTP Response allocation of resources (Issue 554938)
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.4.4/18.5.2/18.6.0. It has been rated as problematic.
CVE-2025-66040 | spotipy-dev spotipy up to 2.25.1 cross site scripting (GHSA-r77h-rpp9-w2xm)
A vulnerability categorized as problematic has been discovered in spotipy-dev spotipy up to 2.25.1. The impacted element is an unknown
CVE-2025-64330 | OISF Suricata up to 7.0.12/8.0.1 heap-based overflow (GHSA-83v7-gm34-f437)
A vulnerability identified as critical has been detected in OISF Suricata up to 7.0.12/8.0.1. This affects an unknown function. The
CVE-2025-64332 | OISF Suricata up to 7.0.12/8.0.1 Decompression stack-based overflow (GHSA-p32q-7wcp-gv92)
A vulnerability labeled as critical has been found in OISF Suricata up to 7.0.12/8.0.1. This impacts an unknown function of
CVE-2025-0657 | Automated Logic WebCtrl up to 8.5 drv_gen5_106 array index
A vulnerability marked as critical has been reported in Automated Logic WebCtrl up to 8.5. Affected is the function drv_gen5_106.
CVE-2025-64335 | OISF Suricata up to 8.0.1 base64_data null pointer dereference (GHSA-v299-h7p3-q4f2)
A vulnerability described as problematic has been identified in OISF Suricata up to 8.0.1. Affected by this vulnerability is the
CVE-2024-5539 | Automated Logic WebCTRL up to 8.5 authorization
A vulnerability classified as problematic has been found in Automated Logic WebCTRL up to 8.5. Affected by this issue is
CVE-2025-0658 | Automated Logic/Carrier Zone Controllers prior 6.06-101 BACnet Protocol denial of service
A vulnerability classified as problematic was found in Automated Logic/Carrier Zone Controllers. This affects an unknown part of the component
CVE-2024-5540 | Automated Logic WebCTRL 6.0/6.1/6.5/7.0 Login Panel cross site scripting
A vulnerability, which was classified as problematic, has been found in Automated Logic WebCTRL 6.0/6.1/6.5/7.0. This vulnerability affects unknown code
CVE-2025-50433 | imonnit 2025-04-24 password recovery
A vulnerability, which was classified as critical, was found in imonnit 2025-04-24. This issue affects some unknown processing. The manipulation
CVE-2025-66035 | Angular up to 19.2.15/20.3.13/21.0.0 insertion of sensitive information into sent data (GHSA-58c5-g7wp-6w37)
A vulnerability has been found in Angular up to 19.2.15/20.3.13/21.0.0 and classified as problematic. Impacted is an unknown function. This
CVE-2025-12584 | ShapedPlugin Quick View for WooCommerce Plugin up to 2.2.17 on WordPress AJAX Endpoint wqv_popup_content information disclosure
A vulnerability was found in ShapedPlugin Quick View for WooCommerce Plugin up to 2.2.17 on WordPress and classified as problematic.
CVE-2025-12971 | Folders Plugin up to 3.1.5 on WordPress wcp_change_post_folder
A vulnerability was found in Folders Plugin up to 3.1.5 on WordPress. It has been classified as critical. The impacted
CVE-2025-13536 | Blubrry PowerPress Plugin up to 11.15.2 on WordPress powerpress_edit_post unrestricted upload
A vulnerability was found in Blubrry PowerPress Plugin up to 11.15.2 on WordPress. It has been declared as critical. This
CVE-2025-66314 | ZTE ElasticNet UME R32 16.23.20.04 on Linux privileges management
A vulnerability was found in ZTE ElasticNet UME R32 16.23.20.04 on Linux. It has been rated as problematic. This impacts
CVE-2025-13381 | Ays AI ChatBot with ChatGPT and Content Generator Plugin ays_chatgpt_save_wp_media authorization
A vulnerability categorized as critical has been discovered in Ays AI ChatBot with ChatGPT and Content Generator Plugin up to
CVE-2025-10476 | WP Fastest Cache Plugin up to 1.4.0 on WordPress wpfc_db_fix_callback authorization
A vulnerability identified as problematic has been detected in WP Fastest Cache Plugin up to 1.4.0 on WordPress. Affected by
CVE-2025-13692 | Unlimited Elements for Elementor Plugin up to 2.0 on WordPress SVG File Parser cross site scripting
A vulnerability labeled as problematic has been found in Unlimited Elements for Elementor Plugin up to 2.0 on WordPress. Affected
CVE-2025-13378 | Ays AI ChatBot with ChatGPT and Content Generator Plugin ays_chatgpt_pinecone_upsert server-side request forgery
A vulnerability marked as critical has been reported in Ays AI ChatBot with ChatGPT and Content Generator Plugin up to
CVE-2025-13700 | DreamFactory saveZipFile command injection (ZDI-25-1024)
A vulnerability described as critical has been identified in DreamFactory. This vulnerability affects the function saveZipFile. Executing manipulation can lead
CVE-2025-13703 | VIPRE Advanced Security permission (ZDI-25-1023)
A vulnerability classified as critical has been found in VIPRE Advanced Security. This issue affects some unknown processing. The manipulation
SUSE Addresses Important CVE-2025-10911 Denial of Service Vulnerabilities
* bsc#1250553 * bsc#1251979 Cross-References: * CVE-2025-10911LinuxSecurity – Security AdvisoriesRead More
SUSE: TIFF Important Memory Leak Buffer Overflow CVE-2025-8961 2025:21009-1
* bsc#1243503 * bsc#1247106 * bsc#1247108 * bsc#1247581 * bsc#1247582LinuxSecurity – Security AdvisoriesRead More
SUSE: openexr Moderate Memory Issue Fix CVE-2025-64181 2025:21014-1
* bsc#1253233 Cross-References: * CVE-2025-64181LinuxSecurity – Security AdvisoriesRead More
SUSE: expat Important Memory Management DoS Issue 2025:21006-1
* bsc#1249584 Cross-References: * CVE-2025-59375LinuxSecurity – Security AdvisoriesRead More
SUSE: Samba Critical Command Injection Fix Advisory 2025:21005-1
* bsc#1249087 * bsc#1249179 * bsc#1249180 * bsc#1249181 * bsc#1251279LinuxSecurity – Security AdvisoriesRead More
Critical DoS Vulnerabilities in Python for Ubuntu 25.10 USN-7886-2
Several security issues were fixed in Python.LinuxSecurity – Security AdvisoriesRead More
openSUSE Tumbleweed: cloudflared Moderate Vuln 2025:15763-1
An update that solves 2 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: gnutls Moderate CVE-2025-9820 Security Advisory 2025:15765-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 24.04 LTS: Rust-Openssl Critical DoS Issues USN-7891-1
Several security issues were fixed in rust-openssl.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 22.04 LTS EDK II Critical Denial of Service Flaws USN-7894-1
Several security issues were fixed in EDK II.LinuxSecurity – Security AdvisoriesRead More
openSUSE: python311 Low Threat Update CVE-2025-6075 Advisory 2025:4257-1
* bsc#1251305 * bsc#1252974 Cross-References: * CVE-2025-6075LinuxSecurity – Security AdvisoriesRead More
openSUSE: Advisory for openbao Regarding Moderate CVE-2025-64761
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-65669 | classroomio 0.1.13 Explore Page improper authorization
A vulnerability described as critical has been identified in classroomio 0.1.13. Impacted is an unknown function of the component Explore
CVE-2025-55469 | youlai-boot 2.21.1 Administrator Backend access control
A vulnerability described as critical has been identified in youlai-boot 2.21.1. This affects an unknown part of the component Administrator
CVE-2025-11461 | Frappe CRM 1.53.1 Dashboard Controller sql injection
A vulnerability classified as critical has been found in Frappe CRM 1.53.1. This vulnerability affects unknown code of the component
CVE-2025-20373 | Splunk Add-on for Palo Alto Networks up to 2.0.1 Internal Index log file (SVD-2025-1105)
A vulnerability classified as problematic was found in Splunk Add-on for Palo Alto Networks up to 2.0.1. This issue affects
CVE-2025-66028 | oneuptime up to 8.0.5566 Login Response Manipulation isMasterAdmin access control
A vulnerability, which was classified as critical, has been found in oneuptime up to 8.0.5566. Impacted is an unknown function
CVE-2025-65966 | oneuptime 9.0.5598 API Request improper authorization
A vulnerability, which was classified as critical, was found in oneuptime 9.0.5598. The affected element is an unknown function of
CVE-2025-55471 | youlai-boot 2.21.1 getUserFormData access control
A vulnerability has been found in youlai-boot 2.21.1 and classified as problematic. The impacted element is the function getUserFormData. This
CVE-2025-26155 | NCP Secure Enterprise Client untrusted search path
A vulnerability was found in NCP Secure Enterprise Client and Secure Entry Windows Client and classified as problematic. This affects
CVE-2025-65672 | classroomio 0.1.13 Course Setting resource injection
A vulnerability was found in classroomio 0.1.13. It has been classified as critical. This impacts an unknown function of the
CVE-2021-4472 | mistral-dashboard Plugin on Openstack Create Workbook file inclusion
A vulnerability was found in mistral-dashboard Plugin on Openstack. It has been declared as problematic. Affected is an unknown function
CVE-2025-65676 | Classroomio LMS 0.1.13 SVG Cover Image cross site scripting
A vulnerability was found in Classroomio LMS 0.1.13. It has been rated as problematic. Affected by this vulnerability is an
CVE-2025-65675 | Classroomio LMS 0.1.13 SVG Profile Picture cross site scripting
A vulnerability categorized as problematic has been discovered in Classroomio LMS 0.1.13. Affected by this issue is some unknown functionality
CVE-2025-65681 | Overhang tutor 20.0.2 information disclosure
A vulnerability identified as problematic has been detected in Overhang tutor 20.0.2. This affects an unknown part. This manipulation causes
CVE-2025-13441 | Hide Category by User Role for WooCommerce Plugin up to 2.3.1 on WordPress wp_cache_flush authorization
A vulnerability labeled as critical has been found in Hide Category by User Role for WooCommerce Plugin up to 2.3.1
CVE-2025-13157 | QODE Wishlist for WooCommerce Plugin up to 1.2.7 on WordPress resource injection
A vulnerability marked as critical has been reported in QODE Wishlist for WooCommerce Plugin up to 1.2.7 on WordPress. This
openSUSE: dpdk Moderate Buffer Overflow Fix CVE-2025-23259 2025:4254-1
* bsc#1254161 Cross-References: * CVE-2025-23259LinuxSecurity – Security AdvisoriesRead More
openSUSE Leap 15.6: sssd Important Privilege Escalation CVE-2025-11561
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
SUSE: sssd Important Privilege Escalation Fix CVE-2025-11561 2025:4247-1
* bsc#1251827 Cross-References: * CVE-2025-11561LinuxSecurity – Security AdvisoriesRead More
SUSE: buildah Key Client Process Fix CVE-2025-47913 Advisory 2025:4245-1
* bsc#1253598 Cross-References: * CVE-2025-47913LinuxSecurity – Security AdvisoriesRead More
openSUSE: Buildah Critical Client Termination Patch for CVE-2025-47913
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
SUSE: Amazon SSM Agent Critical Bug Fix for CVE-2025-47913 Advisory
* bsc#1253611 Cross-References: * CVE-2025-47913LinuxSecurity – Security AdvisoriesRead More
CVE-2025-65236 | Opencode USSD Gateway OC index.php Session ID sql injection
A vulnerability classified as critical has been found in Opencode USSD Gateway OC. Affected by this vulnerability is an unknown
CVE-2025-2486 | Ubuntu edk2 up to 2024.02-2ubuntu0.2/2024.05-2ubuntu0.2 on aarch64 debug code
A vulnerability classified as critical was found in Ubuntu edk2 up to 2024.02-2ubuntu0.2/2024.05-2ubuntu0.2 on aarch64. Affected by this issue is
CVE-2025-65238 | OpenCode USSD Gateway OC 6.13.11 getSubUsersByProvider access control
A vulnerability, which was classified as problematic, has been found in OpenCode USSD Gateway OC 6.13.11. This affects the function
CVE-2025-65237 | Opencode USSD Gateway OC cross site scripting
A vulnerability, which was classified as problematic, was found in Opencode USSD Gateway OC. This vulnerability affects unknown code. Executing
CVE-2025-65235 | OpenCode USSD Gateway OC 6.13.11 getSubUsersByProvider ID sql injection
A vulnerability has been found in OpenCode USSD Gateway OC 6.13.11 and classified as critical. This issue affects the function
CVE-2025-13675 | Tiger Plugin up to 101.2.1 on WordPress paypal-submit.php Remote Code Execution
A vulnerability was found in Tiger Plugin up to 101.2.1 on WordPress and classified as critical. Impacted is an unknown
CVE-2025-7820 | SKT PayPal for WooCommerce Plugin up to 1.4 on WordPress Payment Remote Code Execution
A vulnerability was found in SKT PayPal for WooCommerce Plugin up to 1.4 on WordPress. It has been classified as
CVE-2025-13540 | Tiare Membership Plugin up to 1.2 on WordPress tiare_membership_init_rest_api_register Remote Code Execution
A vulnerability was found in Tiare Membership Plugin up to 1.2 on WordPress. It has been declared as critical. The
CVE-2025-12123 | Customer Reviews Collector for WooCommerce Plugin up to 4.6.1 on WordPress text cross site scripting
A vulnerability was found in Customer Reviews Collector for WooCommerce Plugin up to 4.6.1 on WordPress. It has been rated
CVE-2025-13143 | Poll, Survey & Quiz Maker Plugin by Opinion Stage Plugin disconnect_account_action cross-site request forgery
A vulnerability categorized as problematic has been discovered in Poll, Survey & Quiz Maker Plugin by Opinion Stage Plugin up
CVE-2025-12151 | Simple Folio Plugin up to 1.1.0 on WordPress portfolio_name cross site scripting
A vulnerability identified as problematic has been detected in Simple Folio Plugin up to 1.1.0 on WordPress. Affected is an
CVE-2025-12185 | StaffList Plugin up to 3.2.6 on WordPress Admin Setting cross site scripting
A vulnerability labeled as problematic has been found in StaffList Plugin up to 3.2.6 on WordPress. Affected by this vulnerability
CVE-2025-13525 | WP Directory Kit Plugin up to 1.4.5 on WordPress order_by cross site scripting
A vulnerability marked as problematic has been reported in WP Directory Kit Plugin up to 1.4.5 on WordPress. Affected by
CVE-2025-65239 | OpenCode USSD Gateway OC 6.13.11 /aux1/ocussd/trace access control
A vulnerability was found in OpenCode USSD Gateway OC 6.13.11. It has been rated as critical. Impacted is an unknown
CVE-2025-46175 | y_project RuoYi 4.8.0 SysUserController.java authRole access control
A vulnerability categorized as critical has been discovered in y_project RuoYi 4.8.0. The affected element is the function authRole of
CVE-2025-63938 | Tinyproxy up to 1.11.2 src/reqs.c strip_return_port integer overflow
A vulnerability identified as critical has been detected in Tinyproxy up to 1.11.2. The impacted element is the function strip_return_port
CVE-2025-13539 | FindAll Membership Plugin up to 1.0.4 on WordPress Social Login findall_membership_check_google_user improper authentication
A vulnerability labeled as critical has been found in FindAll Membership Plugin up to 1.0.4 on WordPress. This affects the
CVE-2025-13538 | FindAll Listing Plugin up to 1.0.5 on WordPress Remote Code Execution
A vulnerability marked as critical has been reported in FindAll Listing Plugin up to 1.0.5 on WordPress. This impacts the
CVE-2025-13680 | Tiger Plugin up to 101.2.1 on WordPress set_role privilege escalation
A vulnerability described as critical has been identified in Tiger Plugin up to 101.2.1 on WordPress. Affected is the function
CVE-2025-45311 | fail2ban-client 0.11.2 permission
A vulnerability, which was classified as critical, has been found in fail2ban-client 0.11.2. Affected is an unknown function. This manipulation
CVE-2025-62354 | cursor up to 1.x os command injection
A vulnerability, which was classified as critical, was found in cursor up to 1.x. Affected by this vulnerability is an
CVE-2025-50402 | FAST FAC1200R F400_FAC1200R_Q sub_80435780 fac_password buffer overflow
A vulnerability has been found in FAST FAC1200R F400_FAC1200R_Q and classified as critical. Affected by this issue is the function
CVE-2025-46174 | y_project RuoYi 4.8.0 SysUserController.java resetPwd access control
A vulnerability was found in y_project RuoYi 4.8.0 and classified as critical. This affects the function resetPwd of the file
CVE-2025-56396 | y_project RuoYi 4.8.1 privilege escalation
A vulnerability was found in y_project RuoYi 4.8.1. It has been classified as critical. This vulnerability affects unknown code. The
CVE-2025-50399 | FAST FAC1200R F400_FAC1200R_Q sub_80435780 Password buffer overflow
A vulnerability was found in FAST FAC1200R F400_FAC1200R_Q. It has been declared as critical. This issue affects the function sub_80435780.
openSUSE: Kernel Important Bluetooth Disconnect Flaw 2025:4242-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
SUSE Linux Enterprise 15 SP4: 2025:4242-1 Important Bluetooth Threat Fix
* bsc#1251983 Cross-References: * CVE-2023-53673LinuxSecurity – Security AdvisoriesRead More
openSUSE Leap 16.0: 573 Critical Kernel Vulnerabilities Found 2025-20081-1
An update that solves 573 vulnerabilities and has 669 bug fixes can now be installed.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 24.04 LTS: Linux Real-Time Kernel Critical Problems USN-7889-3
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 24.04: Linux Kernel Critical Security Update USN-7889-2
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 24.04 LTS: Kernel Severity Critical Data Integrity Threat USN-7879-3
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-13601 | glib g_escape_uri_string integer overflow
A vulnerability was found in glib. It has been rated as problematic. This affects the function g_escape_uri_string. The manipulation leads