Vulnerabilities

  

CVE-2025-36460 | Dell ControlVault3/ControlVault3 Plus ControlVault WBDI Driver buffer access with incorrect length value (dsa-2025-228)

A vulnerability has been found in Dell ControlVault3 and ControlVault3 Plus and classified as critical. This affects an unknown part

  

CVE-2025-32089 | Dell ControlVault3/ControlVault3 Plus ControlVault CvManager_SBI buffer overflow (dsa-2025-228)

A vulnerability was found in Dell ControlVault3 and ControlVault3 Plus and classified as critical. This vulnerability affects the function CvManager_SBI

  

CVE-2025-6599 | Zyxel DX3301-T0 up to 5.50(ABVY.6.3)C0 Web Management Interface resource consumption

A vulnerability was found in Zyxel DX3301-T0 up to 5.50(ABVY.6.3)C0. It has been classified as problematic. This issue affects some

  

CVE-2025-8693 | Zyxel DX3300-T0 up to 5.50(ABVY.6.3)C0 priv os command injection

A vulnerability was found in Zyxel DX3300-T0 up to 5.50(ABVY.6.3)C0. It has been declared as critical. Impacted is an unknown

  

CVE-2025-31361 | Dell ControlVault3/ControlVault3 Plus ControlVault WBDI Driver uninitialized resource (dsa-2025-228)

A vulnerability was found in Dell ControlVault3 and ControlVault3 Plus. It has been rated as problematic. The affected element is

  

CVE-2025-36553 | Dell ControlVault3/ControlVault3 Plus ControlVault CvManager buffer overflow (dsa-2025-228)

A vulnerability categorized as critical has been discovered in Dell ControlVault3 and ControlVault3 Plus. The impacted element is the function

  

CVE-2025-64766 | NixOS nixpkgs up to 25.4/25.10 hard-coded credentials (GHSA-58m4-5wg3-5g5v)

A vulnerability identified as critical has been detected in NixOS nixpkgs up to 25.4/25.10. This affects an unknown function. The

  

CVE-2025-52457 | Gallagher HBUS Devices timing discrepancy

A vulnerability labeled as problematic has been found in Gallagher HBUS Devices. This impacts an unknown function. The manipulation results

  

CVE-2025-64734 | Gallagher T21 Reader release of resource

A vulnerability marked as problematic has been reported in Gallagher T21 Reader. Affected is an unknown function. This manipulation causes

  

CVE-2025-52578 | Gallagher High Sec End of Line Module prng seed

A vulnerability described as problematic has been identified in Gallagher High Sec End of Line Module. Affected by this vulnerability

  

CVE-2025-12792 | Canva up to 1.117.0 on macOS default permission

A vulnerability classified as critical has been found in Canva up to 1.117.0 on macOS. Affected by this issue is

  

CVE-2025-12545 | Pixel Manager for WooCommerce Plugin up to 1.49.2 on WordPress ajax_pmw_get_product_ids information disclosure

A vulnerability classified as problematic was found in Pixel Manager for WooCommerce Plugin up to 1.49.2 on WordPress. This affects

  

CVE-2025-13069 | Enable SVG, WebP, and ICO Upload Plugin up to 1.1.2 on WordPress ICO File unrestricted upload

A vulnerability, which was classified as critical, has been found in Enable SVG, WebP, and ICO Upload Plugin up to

  

CVE-2025-12955 | delabon Live Sales Notification for Woocommerce Plugin up to 2.3.39 on WordPress Customer Information getOrders authorization

A vulnerability, which was classified as problematic, was found in delabon Live Sales Notification for Woocommerce Plugin up to 2.3.39

  

CVE-2025-12481 | WP Duplicate Page Plugin up to 1.7 on WordPress saveSettings authorization

A vulnerability has been found in WP Duplicate Page Plugin up to 1.7 on WordPress and classified as problematic. Impacted

  

CVE-2025-13196 | Element Pack Addons for Elementor Plugin up to 8.3.4 on WordPress Street Map Widget render cross site scripting

A vulnerability was found in Element Pack Addons for Elementor Plugin up to 8.3.4 on WordPress and classified as problematic.

  

CVE-2025-11427 | WP Migrate Lite Plugin up to 2.7.6 on WordPress wpmdb_flush server-side request forgery

A vulnerability was found in WP Migrate Lite Plugin up to 2.7.6 on WordPress. It has been classified as critical.

  

CVE-2025-8084 | AI Engine Plugin up to 3.1.8 on WordPress rest_helpers_create_images server-side request forgery

A vulnerability was found in AI Engine Plugin up to 3.1.8 on WordPress. It has been declared as critical. This

  

CVE-2025-12376 | Icon List Block Plugin up to 1.2.1 on WordPress fs_api_request server-side request forgery

A vulnerability was found in Icon List Block Plugin up to 1.2.1 on WordPress. It has been rated as critical.

  

CVE-2025-13343 | SourceCodester Interview Management System 1.0 /editQuestion.php Question cross site scripting

A vulnerability categorized as problematic has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of

  

CVE-2025-13344 | SourceCodester Train Station Ticketing System 1.0 /ajax.php?action=login Username sql injection

A vulnerability identified as critical has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is

  

CVE-2025-13345 | SourceCodester Train Station Ticketing System 1.0 ajax.php?action=save_ticket sql injection

A vulnerability labeled as critical has been found in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is

  

CVE-2025-13346 | SourceCodester Train Station Ticketing System 1.0 ajax.php?action=save_station id/station sql injection

A vulnerability marked as critical has been reported in SourceCodester Train Station Ticketing System 1.0. This affects an unknown part

  

CVE-2025-13347 | SourceCodester Train Station Ticketing System 1.0 ajax.php?action=save_user Username sql injection

A vulnerability described as critical has been identified in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code

Fedora 41: FVWM3 Critical Update for Command Injection CVE-2025-47906
  

FVWM3 ver. 1.1.4 (LinuxSecurity – Security Advisories)

Fedora 42: fvwm3 Critical CVE-2025-47906 Window Manager Update
  

FVWM3 ver. 1.1.4 (LinuxSecurity – Security Advisories)

Fedora 42: Advisory on Chromium CVE-2025-13042 High Risk Vulnerability
  

Update to 142.0.7444.162 * High CVE-2025-13042: Inappropriate implementation in V8 (LinuxSecurity – Security Advisories)

Mageia 9: Bug Fix Advisory MGAA-2025-0097 for VirtualBox KVM Conflict
  

MGAA-2025-0097 – Updated virtualbox & kmod-virtualbox packages fix bug (LinuxSecurity – Security Advisories)

Debian 11: Libwebsockets Critical DoS and Buffer Overflow DLA-4373-1
  

Libwebsockets (LWS) is a flexible, lightweight pure C library for implementing modern network protocols easily with a tiny footprint, using

Mageia 9: MGAA-2025-0099 Bugfix on Updated Packages with ICU 73
  

MGAA-2025-0099 – Updated packages using updated icu to fix bug (LinuxSecurity – Security Advisories)

Mageia 9: python-packaging Bugfix for Playback Issue MGAA-2025-0098
  

MGAA-2025-0098 – Updated python-packaging, python-hatchling & yt-dlp packages fix bug (LinuxSecurity – Security Advisories)

Mageia 9 Gnome-Builder Bug Fix Release Notice MGAA-2025-0100
  

MGAA-2025-0100 – Updated gnome-builder, gnucash, kdeplasma-addons, evolution-data-server, kbibtex, geary packages fix bug (LinuxSecurity – Security Advisories)

Mageia 9: Firefox High Spoofing Race Condition Fix MGASA-2025-0300
  

MGASA-2025-0300 – Updated firefox packages fix security vulnerabilities (LinuxSecurity – Security Advisories)

  

CVE-2024-44658 | PHPGurukul Complaint Management System 2.0 subcategory.php subcategory/category sql injection

A vulnerability marked as critical has been reported in PHPGurukul Complaint Management System 2.0. The affected element is an unknown

  

CVE-2024-44663 | PHPGurukul Online Shopping Portal 2.0 search-result.php Product sql injection

A vulnerability described as critical has been identified in PHPGurukul Online Shopping Portal 2.0. The impacted element is an unknown

  

CVE-2024-44659 | PHPGurukul Online Shopping Portal 2.0 forgot-password.php email sql injection

A vulnerability classified as critical has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown function of

  

CVE-2024-44664 | PHPGurukul Online Shopping Portal 2.0 product-details.php name/summary/review/quality/price/value sql injection

A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This impacts an unknown function of the

  

CVE-2025-58407 | Imagination Graphics DDK up to 25.1 RTM1/25.2 RTM1 toctou

A vulnerability, which was classified as critical, has been found in Imagination Graphics DDK up to 25.1 RTM1/25.2 RTM1. Affected

  

CVE-2025-64342 | Espressif ESP-IDF up to 5.1.6/5.2.5/5.3.4/5.4.2/5.5.1 unusual condition (GHSA-8mg7-9qpg-p92v)

A vulnerability, which was classified as problematic, was found in Espressif ESP-IDF up to 5.1.6/5.2.5/5.3.4/5.4.2/5.5.1. Affected by this vulnerability is

  

CVE-2025-64756 | isaacs node-glob up to 11.0.x -c/--cmd os command injection (GHSA-5j98-mcp5-4vw2)

A vulnerability has been found in isaacs node-glob up to 11.0.x and classified as critical. Affected by this issue is

  

CVE-2025-64758 | DependencyTrack Frontend up to 4.13.5 cross site scripting (GHSA-7xvh-c266-cfr5)

A vulnerability was found in DependencyTrack Frontend up to 4.13.5 and classified as problematic. This affects an unknown part. Executing

  

CVE-2025-34323 | Nagios Log Server up to 2024R2.0.3 permission assignment

A vulnerability was found in Nagios Log Server. It has been classified as critical. This vulnerability affects unknown code. The

  

CVE-2025-36299 | IBM Planning Analytics Local up to 2.1.14 sensitive information in source

A vulnerability was found in IBM Planning Analytics Local up to 2.1.14. It has been declared as problematic. This issue

  

CVE-2024-44655 | PHPGurukul Complaint Management System 2.0 user-search.php Search cross site scripting

A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been rated as problematic. Impacted is an unknown

  

CVE-2024-46335 | PHPGurukul Complaint Management System 2.0 between-date-userreport.php fromdate/todate cross site scripting

A vulnerability categorized as problematic has been discovered in PHPGurukul Complaint Management System 2.0. The affected element is an unknown

  

CVE-2024-44661 | PHPGurukul Online Shopping Portal 2.0 my-cart.php quantity cross site scripting

A vulnerability identified as problematic has been detected in PHPGurukul Online Shopping Portal 2.0. The impacted element is an unknown

  

CVE-2025-55058 | Rumpus FTP Server 9.0.12 denial of service

A vulnerability labeled as problematic has been found in Rumpus FTP Server 9.0.12. This affects an unknown function. Executing manipulation

  

CVE-2025-55055 | Rumpus FTP Server 9.0.12 os command injection

A vulnerability marked as critical has been reported in Rumpus FTP Server 9.0.12. This impacts an unknown function. The manipulation

  

CVE-2025-55059 | Rumpus FTP Server 9.0.12 cross site scripting

A vulnerability described as problematic has been identified in Rumpus FTP Server 9.0.12. Affected is an unknown function. The manipulation

  

CVE-2025-55056 | Rumpus FTP Server 9.0.12 cross site scripting

A vulnerability classified as problematic has been found in Rumpus FTP Server 9.0.12. Affected by this vulnerability is an unknown

  

CVE-2025-55057 | Rumpus FTP Server 9.0.12 cross-site request forgery

A vulnerability classified as problematic was found in Rumpus FTP Server 9.0.12. Affected by this issue is some unknown functionality.

  

CVE-2025-12528 | Pie Forms for WP Plugin up to 1.6 on WordPress format_classic unrestricted upload

A vulnerability, which was classified as critical, has been found in Pie Forms for WP Plugin up to 1.6 on

  

CVE-2025-13088 | Category and Product Woocommerce Tabs Plugin up to 1.0 on WordPress categoryProductTab template file inclusion

A vulnerability, which was classified as critical, was found in Category and Product Woocommerce Tabs Plugin up to 1.0 on

  

CVE-2025-12639 | wModes Plugin up to 1.2.2 on WordPress AJAX Endpoint authorization

A vulnerability has been found in wModes Plugin up to 1.2.2 on WordPress and classified as problematic. This issue affects

  

CVE-2025-12411 | Premmerce Wholesale Pricing for WooCommerce Plugin admin-post.php sql injection

A vulnerability was found in Premmerce Wholesale Pricing for WooCommerce Plugin up to 1.1.10 on WordPress and classified as critical.

  

CVE-2025-12372 | Permalinks Cascade Plugin up to 2.2 on WordPress Setting handleTPCAdminAjaxRequest authorization

A vulnerability was found in Permalinks Cascade Plugin up to 2.2 on WordPress. It has been classified as problematic. The

  

CVE-2025-12392 | Cryptocurrency Payment Gateway for WooCommerce Plugin Status Update handle_optin_optout authorization

A vulnerability was found in Cryptocurrency Payment Gateway for WooCommerce Plugin up to 2.0.22 on WordPress. It has been declared

  

CVE-2025-12775 | WP Dropzone Plugin up to 1.1.0 on WordPress ajax_upload_handle unrestricted upload

A vulnerability was found in WP Dropzone Plugin up to 1.1.0 on WordPress. It has been rated as critical. This

  

CVE-2025-12524 | Post Type Switcher Plugin up to 4.0.0 on WordPress resource injection

A vulnerability categorized as problematic has been discovered in Post Type Switcher Plugin up to 4.0.0 on WordPress. This impacts

  

CVE-2025-11620 | Multiple Roles per User Plugin up to 1.0 on WordPress mrpu_add_multiple_roles_ui authorization

A vulnerability identified as critical has been detected in Multiple Roles per User Plugin up to 1.0 on WordPress. Affected

  

CVE-2025-12937 | ACF Flexible Layouts Manager Plugin up to 1.1.6 on WordPress acf_flm_update_template_with_pasted_layout authorization

A vulnerability labeled as problematic has been found in ACF Flexible Layouts Manager Plugin up to 1.1.6 on WordPress. Affected

  

CVE-2025-12961 | Download Panel Plugin up to 1.3.3 on WordPress Setting dlpn_save_settings authorization

A vulnerability marked as critical has been reported in Download Panel Plugin up to 1.3.3 on WordPress. Affected by this

  

CVE-2025-9625 | Coil Web Monetization Plugin up to 2.0.2 on WordPress maybe_restrict_content cross-site request forgery

A vulnerability described as problematic has been identified in Coil Web Monetization Plugin up to 2.0.2 on WordPress. This affects

  

CVE-2025-11265 | VK All in One Expansion Unit Plugin up to 9.112.1 on WordPress vkExUnit_cta_url custom_field_name cross site scripting

A vulnerability classified as problematic has been found in VK All in One Expansion Unit Plugin up to 9.112.1 on

  

CVE-2025-4212 | WP Wham Checkout Files Upload for WooCommerce Plugin up to 2.2.1 on WordPress cross site scripting

A vulnerability classified as problematic was found in WP Wham Checkout Files Upload for WooCommerce Plugin up to 2.2.1 on

  

CVE-2025-8609 | Rometheme RTMKit Addons for Elementor Plugin up to 1.6.1/1.6.5 on WordPress Block Attribute cross site scripting

A vulnerability, which was classified as problematic, has been found in Rometheme RTMKit Addons for Elementor Plugin up to 1.6.1/1.6.5

  

CVE-2025-13133 | Simple User Import Export Plugin up to 1.1.7 on WordPress Import/Export csv injection

A vulnerability, which was classified as critical, was found in Simple User Import Export Plugin up to 1.1.7 on WordPress.

  

CVE-2025-11267 | VK All in One Expansion Unit Plugin up to 9.112.1 on WordPress _veu_custom_css cross site scripting

A vulnerability has been found in VK All in One Expansion Unit Plugin up to 9.112.1 on WordPress and classified

  

CVE-2025-11734 | AIOSEO Broken Link Checker Plugin up to 1.2.5 on WordPress REST API Endpoint aioseo_blc_broken_links_page authorization

A vulnerability was found in AIOSEO Broken Link Checker Plugin up to 1.2.5 on WordPress and classified as problematic. This

  

CVE-2025-12827 | Top Friends Plugin up to 0.3 on WordPress Setting top_friends_options_subpanel cross-site request forgery

A vulnerability was found in Top Friends Plugin up to 0.3 on WordPress. It has been classified as problematic. This

  

CVE-2025-8605 | Gutenify Plugin up to 1.5.9 on WordPress Block Attribute cross site scripting

A vulnerability was found in Gutenify Plugin up to 1.5.9 on WordPress. It has been declared as problematic. Affected is

  

CVE-2025-12391 | Restrictions for BuddyPress Plugin up to 1.5.2 on WordPress Status Update handle_optin_optout authorization

A vulnerability was found in Restrictions for BuddyPress Plugin up to 1.5.2 on WordPress. It has been rated as problematic.

  

CVE-2025-12823 | CSV to SortTable Plugin up to 4.2 on WordPress Shortcode csv cross site scripting

A vulnerability categorized as problematic has been discovered in CSV to SortTable Plugin up to 4.2 on WordPress. Affected by

  

CVE-2025-12078 | ArtiBot Free Chat Bot for WebSites Plugin up to 1.1.7 on WordPress cross site scripting

A vulnerability identified as problematic has been detected in ArtiBot Free Chat Bot for WebSites Plugin up to 1.1.7 on

  

CVE-2025-12457 | Enable SVG, WebP, and ICO Upload Plugin up to 1.1.2 on WordPress SVG File cross site scripting

A vulnerability labeled as problematic has been found in Enable SVG, WebP, and ICO Upload Plugin up to 1.1.2 on

  

CVE-2025-12691 | Photonic Gallery & Lightbox for Flickr, SmugMug & Others Plugin cross site scripting

A vulnerability marked as problematic has been reported in Photonic Gallery & Lightbox for Flickr, SmugMug & Others Plugin up

  

CVE-2025-12079 | WP Twitter Auto Publish Plugin up to 1.7.3 on WordPress cross site scripting

A vulnerability described as problematic has been identified in WP Twitter Auto Publish Plugin up to 1.7.3 on WordPress. Impacted

  

CVE-2025-11868 | everviz Plugin up to 1.1 on WordPress Shortcode cross site scripting

A vulnerability classified as problematic has been found in everviz Plugin up to 1.1 on WordPress. The affected element is

  

CVE-2025-12173 | WP Admin Microblog Plugin up to 3.1.1 on WordPress Message cross-site request forgery

A vulnerability classified as problematic was found in WP Admin Microblog Plugin up to 3.1.1 on WordPress. The impacted element

  

CVE-2025-12404 | Like-it Plugin up to 2.2 on WordPress Setting likeit_conf cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Like-it Plugin up to 2.2 on WordPress. This affects

  

CVE-2025-12962 | Local Syndication Plugin up to 1.5a on WordPress Shortcode wp_remote_get url server-side request forgery

A vulnerability, which was classified as critical, was found in Local Syndication Plugin up to 1.5a on WordPress. This impacts

  

CVE-2025-12088 | Meta Display Block Plugin up to 1.0.0 on WordPress cross site scripting

A vulnerability has been found in Meta Display Block Plugin up to 1.0.0 on WordPress and classified as problematic. Affected

  

CVE-2025-12406 | Project Honey Pot Spam Trap Plugin up to 1.0.1 on WordPress Setting printAdminPage cross-site request forgery

A vulnerability was found in Project Honey Pot Spam Trap Plugin up to 1.0.1 on WordPress and classified as problematic.

  

CVE-2025-62519 | thorsten phpMyFAQ up to 4.0.13 sql injection (GHSA-fxm2-cmwj-qvx4 / EUVD-2025-197804)

A vulnerability categorized as critical has been discovered in thorsten phpMyFAQ up to 4.0.13. Affected by this vulnerability is an

  

CVE-2025-58410 | Imagination Graphics DDK up to 25.1 RTM2/25.2 RTM insufficient permissions or privileges (EUVD-2025-197806)

A vulnerability identified as problematic has been detected in Imagination Graphics DDK up to 25.1 RTM2/25.2 RTM. Affected by this

  

CVE-2024-44652 | Kashipara Ecommerce Website 1.0 user_register.php sql injection

A vulnerability labeled as critical has been found in Kashipara Ecommerce Website 1.0. This affects an unknown part of the

  

CVE-2025-13193 | libvirt default permission (Nessus ID 275514)

A vulnerability marked as critical has been reported in libvirt. This vulnerability affects unknown code. This manipulation causes incorrect default

  

CVE-2024-46334 | Kashipara School Management System 1.0 /adminLogin.php formpassword cross site scripting (EUVD-2024-55086)

A vulnerability described as problematic has been identified in Kashipara School Management System 1.0. This issue affects some unknown processing

  

CVE-2024-46336 | kashipara School Management System 1.0 feedback.php cross site scripting

A vulnerability classified as problematic has been found in kashipara School Management System 1.0. Impacted is an unknown function of

  

CVE-2025-13325 | itsourcecode Student Information System 1.0 /enrollment_edit1.php en_id sql injection

A vulnerability classified as critical was found in itsourcecode Student Information System 1.0. The affected element is an unknown function

  

Fortinet FortiWeb Auth. Bypass

Topic: Fortinet FortiWeb Auth. Bypass Risk: High Text:# Titles: Fortinet FortiWeb Auth. Bypass CVE-2025-64446 # Author: nu11secur1ty # Date: 11/15/2025

  

Windows CommandLineToArgvW Argument Parsing Vulnerability

Topic: Windows CommandLineToArgvW Argument Parsing Vulnerability Risk: High Text:# Titles: CVE‑2024‑3566 – 2025 Windows CommandLineToArgvW Argument Parsing Vulnerability # Author:

  

CVE-2025-63748 | QaTraq up to 6.9.2 Test Script unrestricted upload

A vulnerability was found in QaTraq up to 6.9.2. It has been declared as critical. The affected element is an

  

CVE-2025-65083 | Tinexta Infocert GoSign Desktop up to 2.4.1 ~/.gosign certificate validation

A vulnerability was found in Tinexta Infocert GoSign Desktop up to 2.4.1. It has been rated as critical. The impacted

  

CVE-2025-63747 | QaTraq 6.9.2 Login Page privilege escalation

A vulnerability categorized as critical has been discovered in QaTraq 6.9.2. This affects an unknown function of the component Login

  

CVE-2025-63916 | MyScreenTools 2.2.1.0 os command injection

A vulnerability identified as critical has been detected in MyScreenTools 2.2.1.0. This impacts an unknown function. Performing manipulation results in

  

CVE-2025-63708 | SourceCodester AI Font Matcher up to 2025-10-10 Webfonts API cross site scripting

A vulnerability labeled as problematic has been found in SourceCodester AI Font Matcher up to 2025-10-10. Affected is an unknown

  

CVE-2025-4321 | Silabs RS9116W up to 2.12.1 Bluetooth Device inconsistent structural elements (EUVD-2025-197801)

A vulnerability marked as critical has been reported in Silabs RS9116W up to 2.12.1. Affected by this vulnerability is an

  

CVE-2025-64046 | OpenRapid RapidCMS 1.3.1 /system/update-run.php cross site scripting

A vulnerability described as problematic has been identified in OpenRapid RapidCMS 1.3.1. Affected by this issue is some unknown functionality

  

CVE-2025-63917 | PDFPatcher up to 1.1.3.4663 XML Bookmark Import XmlDocument xml external entity reference

A vulnerability classified as problematic has been found in PDFPatcher up to 1.1.3.4663. This affects the function XmlDocument of the