A holistic approach to securing Exchange servers beyond Exchange 2016 and 2019 end-of-life.Kaspersky official blogRead More
Vulnerabilities
CVE-2025-7820 | SKT PayPal for WooCommerce Plugin up to 1.4 on WordPress Payment Remote Code Execution
A vulnerability was found in SKT PayPal for WooCommerce Plugin up to 1.4 on WordPress. It has been classified as
CVE-2025-13540 | Tiare Membership Plugin up to 1.2 on WordPress tiare_membership_init_rest_api_register Remote Code Execution
A vulnerability was found in Tiare Membership Plugin up to 1.2 on WordPress. It has been declared as critical. The
CVE-2025-12123 | Customer Reviews Collector for WooCommerce Plugin up to 4.6.1 on WordPress text cross site scripting
A vulnerability was found in Customer Reviews Collector for WooCommerce Plugin up to 4.6.1 on WordPress. It has been rated
CVE-2025-13143 | Poll, Survey & Quiz Maker Plugin by Opinion Stage Plugin disconnect_account_action cross-site request forgery
A vulnerability categorized as problematic has been discovered in Poll, Survey & Quiz Maker Plugin by Opinion Stage Plugin up
CVE-2025-12151 | Simple Folio Plugin up to 1.1.0 on WordPress portfolio_name cross site scripting
A vulnerability identified as problematic has been detected in Simple Folio Plugin up to 1.1.0 on WordPress. Affected is an
CVE-2025-12185 | StaffList Plugin up to 3.2.6 on WordPress Admin Setting cross site scripting
A vulnerability labeled as problematic has been found in StaffList Plugin up to 3.2.6 on WordPress. Affected by this vulnerability
CVE-2025-13525 | WP Directory Kit Plugin up to 1.4.5 on WordPress order_by cross site scripting
A vulnerability marked as problematic has been reported in WP Directory Kit Plugin up to 1.4.5 on WordPress. Affected by
CVE-2025-65239 | OpenCode USSD Gateway OC 6.13.11 /aux1/ocussd/trace access control
A vulnerability was found in OpenCode USSD Gateway OC 6.13.11. It has been rated as critical. Impacted is an unknown
CVE-2025-46175 | y_project RuoYi 4.8.0 SysUserController.java authRole access control
A vulnerability categorized as critical has been discovered in y_project RuoYi 4.8.0. The affected element is the function authRole of
CVE-2025-63938 | Tinyproxy up to 1.11.2 src/reqs.c strip_return_port integer overflow
A vulnerability identified as critical has been detected in Tinyproxy up to 1.11.2. The impacted element is the function strip_return_port
CVE-2025-13539 | FindAll Membership Plugin up to 1.0.4 on WordPress Social Login findall_membership_check_google_user improper authentication
A vulnerability labeled as critical has been found in FindAll Membership Plugin up to 1.0.4 on WordPress. This affects the
CVE-2025-13538 | FindAll Listing Plugin up to 1.0.5 on WordPress Remote Code Execution
A vulnerability marked as critical has been reported in FindAll Listing Plugin up to 1.0.5 on WordPress. This impacts the
CVE-2025-13680 | Tiger Plugin up to 101.2.1 on WordPress set_role privilege escalation
A vulnerability described as critical has been identified in Tiger Plugin up to 101.2.1 on WordPress. Affected is the function
CVE-2025-45311 | fail2ban-client 0.11.2 permission
A vulnerability, which was classified as critical, has been found in fail2ban-client 0.11.2. Affected is an unknown function. This manipulation
CVE-2025-62354 | cursor up to 1.x os command injection
A vulnerability, which was classified as critical, was found in cursor up to 1.x. Affected by this vulnerability is an
CVE-2025-50402 | FAST FAC1200R F400_FAC1200R_Q sub_80435780 fac_password buffer overflow
A vulnerability has been found in FAST FAC1200R F400_FAC1200R_Q and classified as critical. Affected by this issue is the function
CVE-2025-46174 | y_project RuoYi 4.8.0 SysUserController.java resetPwd access control
A vulnerability was found in y_project RuoYi 4.8.0 and classified as critical. This affects the function resetPwd of the file
CVE-2025-56396 | y_project RuoYi 4.8.1 privilege escalation
A vulnerability was found in y_project RuoYi 4.8.1. It has been classified as critical. This vulnerability affects unknown code. The
CVE-2025-50399 | FAST FAC1200R F400_FAC1200R_Q sub_80435780 Password buffer overflow
A vulnerability was found in FAST FAC1200R F400_FAC1200R_Q. It has been declared as critical. This issue affects the function sub_80435780.
openSUSE: Kernel Important Bluetooth Disconnect Flaw 2025:4242-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
SUSE Linux Enterprise 15 SP4: 2025:4242-1 Important Bluetooth Threat Fix
* bsc#1251983 Cross-References: * CVE-2023-53673LinuxSecurity – Security AdvisoriesRead More
openSUSE Leap 16.0: 573 Critical Kernel Vulnerabilities Found 2025-20081-1
An update that solves 573 vulnerabilities and has 669 bug fixes can now be installed.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 24.04 LTS: Linux Real-Time Kernel Critical Problems USN-7889-3
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 24.04: Linux Kernel Critical Security Update USN-7889-2
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 24.04 LTS: Kernel Severity Critical Data Integrity Threat USN-7879-3
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-13601 | glib g_escape_uri_string integer overflow
A vulnerability was found in glib. It has been rated as problematic. This affects the function g_escape_uri_string. The manipulation leads
CVE-2025-12578 | Reuters Direct Plugin up to 3.0.0 on WordPress Setting class-reuters-direct-settings.php cross-site request forgery
A vulnerability categorized as problematic has been discovered in Reuters Direct Plugin up to 3.0.0 on WordPress. This vulnerability affects
CVE-2025-12666 | Google Drive Upload and Download Link Plugin up to 1.0 on WordPress Shortcode atachfilegoogle cross site scripting
A vulnerability identified as problematic has been detected in Google Drive Upload and Download Link Plugin up to 1.0 on
CVE-2025-12712 | Shouty Plugin up to 0.2.1 on WordPress Shortcode cross site scripting
A vulnerability labeled as problematic has been found in Shouty Plugin up to 0.2.1 on WordPress. Impacted is an unknown
CVE-2025-12649 | SortTable Post Plugin up to 4.2 on WordPress Shortcode ID cross site scripting
A vulnerability marked as problematic has been reported in SortTable Post Plugin up to 4.2 on WordPress. The affected element
CVE-2025-12670 | wp-twitpic Plugin up to 1.0 on WordPress Shortcode cross site scripting
A vulnerability described as problematic has been identified in wp-twitpic Plugin up to 1.0 on WordPress. The impacted element is
CVE-2025-12713 | Soundslides Plugin up to 1.4.2 on WordPress Shortcode soundslides cross site scripting
A vulnerability classified as problematic has been found in Soundslides Plugin up to 1.4.2 on WordPress. This affects the function
CVE-2025-12579 | Reuters Direct Plugin up to 3.0.0 on WordPress Setting authorization
A vulnerability classified as critical was found in Reuters Direct Plugin up to 3.0.0 on WordPress. This impacts an unknown
CVE-2025-13674 | Wireshark 4.6.0 BPv7 Dissector uninitialized pointer (ID 20770 / EUVD-2025-199716)
A vulnerability was found in Wireshark 4.6.0. It has been declared as problematic. Affected by this issue is some unknown
CVE-2025-62728 | Apache Hive up to 4.1.x HMS Thrift API sql injection
A vulnerability was found in Apache Hive up to 4.1.x. It has been classified as critical. Affected by this vulnerability
CVE-2025-13735 | ASR Lapwing_Linux on Linux NrCgi.C out-of-bounds
A vulnerability has been found in ASR Lapwing_Linux on Linux and classified as critical. This impacts an unknown function of
CVE-2025-12061 | Tax Service Electronic HDM Plugin up to 1.2.0 on WordPress cross-site request forgery
A vulnerability was found in Tax Service Electronic HDM Plugin up to 1.2.0 on WordPress and classified as problematic. Affected
CVE-2025-66261 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 Setting restore_settings.php exec Name os command injection
A vulnerability identified as critical has been detected in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. This vulnerability
CVE-2025-66263 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 Setting download_setting.php filename null byte or nul character
A vulnerability labeled as problematic has been found in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. This issue
CVE-2025-66262 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 restore_mozzi_memories.sh path traversal
A vulnerability marked as critical has been reported in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Impacted is
CVE-2025-66019 | py-pdf pypdf up to 6.3.x LZWDecode Filter resource consumption (GHSA-m449-cwjh-6pw7)
A vulnerability described as problematic has been identified in py-pdf pypdf up to 6.3.x. The affected element is an unknown
CVE-2025-65957 | Intercore-Productions Core-Bot Configuration SUPABASE_API_KEY/TOKEN information disclosure (GHSA-42j6-x28v-38r8)
A vulnerability classified as problematic has been found in Intercore-Productions Core-Bot. The impacted element is an unknown function of the
CVE-2025-65965 | anchore grype up to 0.104.0 improper removal of sensitive information before storage or transfer (GHSA-6gxw-85q2-q646)
A vulnerability classified as problematic was found in anchore grype up to 0.104.0. This affects an unknown function. Executing manipulation
CVE-2025-66251 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 deletehidden path traversal
A vulnerability, which was classified as critical, has been found in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000.
CVE-2025-65953 | NanoMQ up to 0.22.4 NanoNNG broker_tcp.c use after free (GHSA-r95p-wjm8-2qxr)
A vulnerability, which was classified as critical, was found in NanoMQ up to 0.22.4. Affected is an unknown function of
CVE-2025-34350 | Synergetic Data Systems UnForm Server up to 10.1.14 path traversal
A vulnerability has been found in Synergetic Data Systems UnForm Server up to 10.1.14 and classified as critical. Affected by
CVE-2025-12816 | Digital Bazaar node-forge/forge up to 1.3.1 ASN.1 Structure interpretation conflict (GHSA-5gfm-wpxj-wjgq)
A vulnerability was found in Digital Bazaar node-forge and forge up to 1.3.1 and classified as problematic. Affected by this
CVE-2025-66017 | LFDT-Lockness cggmp21 risky encryption (GHSA-8frv-q972-9rq5)
A vulnerability was found in LFDT-Lockness cggmp21. It has been classified as problematic. This affects an unknown part. Performing manipulation
CVE-2025-12848 | Webform Multiple File Upload Module 7.x on Drupal Multifile cross site scripting
A vulnerability was found in Webform Multiple File Upload Module 7.x on Drupal. It has been declared as problematic. This
CVE-2025-66020 | open-circle valibot up to 1.1.x String EMOJI_REGEX redos (GHSA-vqpr-j7v3-hqw9)
A vulnerability was found in open-circle valibot up to 1.1.x. It has been rated as problematic. This issue affects the
CVE-2025-65963 | humhub cfiles up to 0.16.10/0.17.1 access control (GHSA-rv2x-7qwp-2hf4)
A vulnerability categorized as critical has been discovered in humhub cfiles up to 0.16.10/0.17.1. Impacted is an unknown function. The
CVE-2025-58360 | GeoServer up to 2.25.5/2.26.1 /geoserver/wms xml external entity reference (GHSA-fjf5-xgmq-5525)
A vulnerability identified as problematic has been detected in GeoServer up to 2.25.5/2.26.1. The affected element is an unknown function
CVE-2025-66269 | MegaTec UPSilon2000 6.0.5 RupsMon Service/USBMate Service unquoted search path
A vulnerability labeled as problematic has been found in MegaTec UPSilon2000 6.0.5. The impacted element is an unknown function of
CVE-2025-66026 | Redaxo CMS up to 5.20.0 Link args[types] cross site scripting (GHSA-x6vr-q3vf-vqgq)
A vulnerability marked as problematic has been reported in Redaxo CMS up to 5.20.0. This affects an unknown function of
CVE-2025-65961 | Contao CMS up to 4.13.56/5.3.41/5.6.4 cross site scripting (GHSA-68q5-78xp-cwwc)
A vulnerability described as problematic has been identified in Contao CMS up to 4.13.56/5.3.41/5.6.4. This impacts an unknown function. Executing
CVE-2025-66266 | MegaTec UPSilon2000 6.0.5 RupsMon.exe privileges management
A vulnerability classified as critical has been found in MegaTec UPSilon2000 6.0.5. Affected is an unknown function of the file
CVE-2025-66025 | Caido up to 0.52.x Findings Page redirect (GHSA-cf52-h5mw-gmc2)
A vulnerability classified as problematic was found in Caido up to 0.52.x. Affected by this vulnerability is an unknown functionality
CVE-2025-66021 | OWASP java-html-sanitizer 20240325.1 cross site scripting (GHSA-g9gq-3pfx-2gw2)
A vulnerability, which was classified as problematic, has been found in OWASP java-html-sanitizer 20240325.1. Affected by this issue is some
CVE-2025-66265 | MegaTec ClientMate 6.2.2 CMService.exe privileges management
A vulnerability, which was classified as critical, was found in MegaTec ClientMate 6.2.2. This affects an unknown part of the
CVE-2025-9624 | OpenSearch up to 3.1.x Query String recursion
A vulnerability has been found in OpenSearch up to 3.1.x and classified as problematic. This vulnerability affects unknown code of
CVE-2025-51743 | jishenghua JSH_ERP 2.3.1 fastjson addMaterialCategory deserialization
A vulnerability was found in jishenghua JSH_ERP 2.3.1 and classified as critical. This issue affects some unknown processing of the
CVE-2025-51746 | jishenghua JSH_ERP 2.3.1 fastjson addSerialNumber deserialization
A vulnerability was found in jishenghua JSH_ERP 2.3.1. It has been classified as critical. Impacted is an unknown function of
CVE-2025-51745 | jishenghua JSH_ERP 2.3.1 fastjson /role/addcan deserialization
A vulnerability was found in jishenghua JSH_ERP 2.3.1. It has been declared as critical. The affected element is an unknown
CVE-2025-51744 | jishenghua JSH_ERP 2.3.1 fastjson /user/addUser deserialization
A vulnerability was found in jishenghua JSH_ERP 2.3.1. It has been rated as critical. The impacted element is an unknown
CVE-2025-66258 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 XML File cross site scripting
A vulnerability categorized as problematic has been discovered in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. This affects
CVE-2025-64983 | SwitchBot Smart Video Doorbell up to 2.01.77 Telnet debug code
A vulnerability identified as critical has been detected in SwitchBot Smart Video Doorbell up to 2.01.77. This impacts an unknown
CVE-2025-66264 | MegaTec ClientMate 6.2.2 CMService.exe unquoted search path
A vulnerability labeled as problematic has been found in MegaTec ClientMate 6.2.2. Affected is an unknown function of the file
CVE-2025-65956 | getformwork up to 2.1.x cross site scripting (GHSA-7j46-f57w-76pj)
A vulnerability marked as problematic has been reported in getformwork formwork up to 2.1.x. Affected by this vulnerability is an
CVE-2025-63735 | Ruckus Unleashed 200.13.6.1.319 guestAccessSubmit.jsp Name cross site scripting
A vulnerability described as problematic has been identified in Ruckus Unleashed 200.13.6.1.319. Affected by this issue is some unknown functionality
CVE-2025-65942 | VictoriaMetrics up to 1.110.22/1.122.7/1.129.0 allocation of resources (GHSA-66jq-2c23-2xh5)
A vulnerability classified as problematic has been found in VictoriaMetrics up to 1.110.22/1.122.7/1.129.0. This affects an unknown part. This manipulation
CVE-2025-9557 | zephyrproject-rtos Zephyr up to 4.2 buffer overflow
A vulnerability classified as critical was found in zephyrproject-rtos Zephyr up to 4.2. This vulnerability affects unknown code. Such manipulation
CVE-2025-9558 | zephyrproject-rtos Zephyr up to 4.2 pb_adv.c gen_prov_start buffer overflow
A vulnerability, which was classified as critical, has been found in zephyrproject-rtos Zephyr up to 4.2. This issue affects the
CVE-2025-55174 | KDE Skanpage up to 25.07.x QIODevice::ReadWrite incorrect provision of specified functionality
A vulnerability, which was classified as problematic, was found in KDE Skanpage up to 25.07.x. Impacted is the function QIODevice::ReadWrite.
CVE-2025-65952 | iiDk-the-actual Console up to 2.7.x path traversal (GHSA-c3f7-xh45-2xc7)
A vulnerability has been found in iiDk-the-actual Console up to 2.7.x and classified as critical. The affected element is an
CVE-2025-64704 | bytecodealliance wasm-micro-runtime up to 2.4.3 unusual condition (GHSA-2f2p-wf5w-82qr)
A vulnerability was found in bytecodealliance wasm-micro-runtime up to 2.4.3 and classified as problematic. The impacted element is an unknown
CVE-2025-64713 | bytecodealliance wasm-micro-runtime up to 2.4.3 memory corruption (GHSA-gvx3-gg3x-rjcx)
A vulnerability was found in bytecodealliance wasm-micro-runtime up to 2.4.3. It has been classified as critical. This affects an unknown
CVE-2025-21621 | GeoServer up to 2.24.x SLD_BODY cross site scripting (GHSA-w66h-j855-qr72)
A vulnerability was found in GeoServer up to 2.24.x. It has been declared as problematic. This impacts an unknown function.
CVE-2025-9191 | Houzez Plugin up to 4.1.6 on WordPress Saved Search saved-search-item.php deserialization
A vulnerability was found in Houzez Plugin up to 4.1.6 on WordPress. It has been rated as critical. Affected is
CVE-2025-9163 | Houzez Plugin up to 4.1.6 on WordPress SVG File houzez_property_img_upload cross site scripting
A vulnerability categorized as problematic has been discovered in Houzez Plugin up to 4.1.6 on WordPress. Affected by this vulnerability
CVE-2025-13698 | Deciso OPNsense diag_backup.php path traversal (ZDI-25-1022)
A vulnerability identified as critical has been detected in Deciso OPNsense. Affected by this issue is some unknown functionality of
CVE-2025-13084 | Opto 22 groov View exposure of sensitive information through metadata (icsa-25-329-04)
A vulnerability labeled as critical has been found in Opto 22 groov View. This affects an unknown part. The manipulation
CVE-2025-64126 | Zenitel TCIV-3+ prior 9.3.3.0 os command injection (icsa-25-329-03)
A vulnerability marked as critical has been reported in Zenitel TCIV-3+. This vulnerability affects unknown code. This manipulation causes os
CVE-2025-64127 | Zenitel TCIV-3+ prior 9.3.3.0 os command injection (icsa-25-329-03)
A vulnerability described as critical has been identified in Zenitel TCIV-3+. This issue affects some unknown processing. Such manipulation leads
CVE-2025-64128 | Zenitel TCIV-3+ prior 9.3.3.0 os command injection (icsa-25-329-03)
A vulnerability classified as critical has been found in Zenitel TCIV-3+. Impacted is an unknown function. Performing manipulation results in
CVE-2025-64129 | Zenitel TCIV-3+ prior 9.3.3.0 out-of-bounds write (icsa-25-329-03)
A vulnerability classified as critical was found in Zenitel TCIV-3+. The affected element is an unknown function. Executing manipulation can
CVE-2025-64130 | Zenitel TCIV-3+ prior 9.3.3.0 cross site scripting (icsa-25-329-03)
A vulnerability, which was classified as problematic, has been found in Zenitel TCIV-3+. The impacted element is an unknown function.
CVE-2025-59390 | Apache Druid up to 34.0.0 Kerberos cryptographic issues
A vulnerability, which was classified as problematic, was found in Apache Druid up to 34.0.0. This affects an unknown function
CVE-2025-66260 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 status_sql.php pg_escape_string sw1/sw2 sql injection
A vulnerability categorized as critical has been discovered in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Affected is
CVE-2025-66253 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 start_upgrade.php exec filename os command injection
A vulnerability identified as critical has been detected in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Affected by
CVE-2025-66259 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 main_ok.php data/hour/time os command injection
A vulnerability labeled as critical has been found in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Affected by
CVE-2025-66255 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 Firmware Upgrade Endpoint upgrade_contents.php unrestricted upload
A vulnerability marked as critical has been reported in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. This affects
CVE-2025-62703 | fugue-project fugue up to 0.9.2 fugue/rpc/flask.py _decode deserialization (GHSA-xv5p-fjw5-vrj6)
A vulnerability described as very critical has been identified in fugue-project fugue up to 0.9.2. This vulnerability affects the function
CVE-2025-66252 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 Immutable File unlink infinite loop
A vulnerability classified as problematic has been found in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. This issue
CVE-2025-66250 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 status_contents.php unrestricted upload
A vulnerability classified as critical was found in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Impacted is an
SUSE: Kernel Important Bluetooth Disconnect Risk CVE-2023-53673 2025:4237-1
* bsc#1251983 Cross-References: * CVE-2023-53673LinuxSecurity – Security AdvisoriesRead More
Debian: pdfminer Critical CVE-2025-64512 Code Execution Risk Advisory
A vulnerability was discovered in pdfminer, a tool for extracting information from PDF documents, which may result in the execution
Mageia 9: webkit2 Important Remote Access Issues MGASA-2025-0313
MGASA-2025-0313 – Updated webkit2 packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
openSUSE: curl Moderate Security Update CVE-2025-11563 SUSE-SU-2025:4236-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
SUSE: wget Low Directory Traversal CVE-2025-11564 Advisory 2025:4237-2
* bsc#1253757 Cross-References: * CVE-2025-11563LinuxSecurity – Security AdvisoriesRead More
openSUSE: Kernel Important Bluetooth Disconnect Callback CVE-2023-53673
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More