iOT365, a vendor of OT/IoT cybersecurity solutions, announced on Thursday its initial unified asset‑discovery‑to‑SOC chain capable of mapping,… The post
Vulnerabilities
CVE-2025-13938 | WatchGuard Fireware OS up to 12.5.13/12.11.4/2025.1.2 Autotask Technology Integration cross site scripting (wgsa-2025-00023)
A vulnerability was found in WatchGuard Fireware OS up to 12.5.13/12.11.4/2025.1.2. It has been rated as problematic. This vulnerability affects
CVE-2025-13939 | WatchGuard Fireware OS up to 11.12.4+541730/12.5.13/12.11.4/2025.1.2 Gateway Wireless Controller cross site scripting (wgsa-2025-00024)
A vulnerability categorized as problematic has been discovered in WatchGuard Fireware OS up to 11.12.4+541730/12.5.13/12.11.4/2025.1.2. This issue affects some unknown
CVE-2025-13373 | Advantech iView up to 5.7.05.7057/5.8.0 sql injection
A vulnerability identified as critical has been detected in Advantech iView up to 5.7.05.7057/5.8.0. Impacted is an unknown function. The
CVE-2025-66561 | Syslifters SysReptor 2024.40/2025.83 cross site scripting (GHSA-64vw-v5c4-mgvm)
A vulnerability labeled as problematic has been found in Syslifters SysReptor 2024.40/2025.83. The affected element is an unknown function. The
CVE-2025-53704 | MAXHUB Pivot Client Application up to 1.36.1 password recovery
A vulnerability marked as problematic has been reported in MAXHUB Pivot Client Application up to 1.36.1. The impacted element is
CVE-2025-6946 | WatchGuard Fireware OS up to 12.11.2 cross site scripting (wgsa-2025-00011)
A vulnerability described as problematic has been identified in WatchGuard Fireware OS up to 12.11.2. This affects an unknown function.
CVE-2025-63499 | Alinto Sogo 5.12.3 theme cross site scripting
A vulnerability classified as problematic has been found in Alinto Sogo 5.12.3. This impacts an unknown function. Performing manipulation of
CVE-2025-12195 | WatchGuard Fireware OS up to 11.12.4+541730/12.5.13/12.11.4/2025.1.2 IPSec out-of-bounds write (wgsa-2025-00019)
A vulnerability classified as critical was found in WatchGuard Fireware OS up to 11.12.4+541730/12.5.13/12.11.4/2025.1.2. Affected is an unknown function of
CVE-2025-12153 | Featured Image via URL Plugin up to 0.1 on WordPress unrestricted upload
A vulnerability, which was classified as critical, has been found in Featured Image via URL Plugin up to 0.1 on
CVE-2025-13622 | Jabbernotification Plugin up to 0.99-RC2 on WordPress admin.php PATH_INFO cross site scripting
A vulnerability, which was classified as problematic, was found in Jabbernotification Plugin up to 0.99-RC2 on WordPress. Affected by this
CVE-2025-12181 | ContentStudio Plugin up to 1.3.7 on WordPress cstu_update_post unrestricted upload
A vulnerability has been found in ContentStudio Plugin up to 1.3.7 on WordPress and classified as critical. This affects the
CVE-2025-12851 | My Auctions Allegro Plugin up to 3.6.32 on WordPress controller file inclusion
A vulnerability was found in My Auctions Allegro Plugin up to 3.6.32 on WordPress and classified as critical. This vulnerability
CVE-2025-12374 | Email Verification, Email OTP, Block Spam Email, Passwordless Login, Hide Login, Magic Login Plugin user_verification_form_wrap_process_otpLogin improper authentication
A vulnerability was found in Email Verification, Email OTP, Block Spam Email, Passwordless Login, Hide Login, Magic Login Plugin up
CVE-2025-13515 | Nouri.sh Newsletter Plugin up to 1.0.1.3 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting
A vulnerability was found in Nouri.sh Newsletter Plugin up to 1.0.1.3 on WordPress. It has been declared as problematic. Impacted
CVE-2025-12370 | Takeads Plugin up to 1.0.13 on WordPress Setting authorization
A vulnerability was found in Takeads Plugin up to 1.0.13 on WordPress. It has been rated as problematic. The affected
CVE-2025-13623 | Twitscription Plugin up to 0.1.1 on WordPress admin.php PATH_INFO cross site scripting
A vulnerability categorized as problematic has been discovered in Twitscription Plugin up to 0.1.1 on WordPress. The impacted element is
CVE-2025-12354 | Live CSS Preview Plugin up to 2.0.0 on WordPress AJAX Endpoint wp_ajax_frontend_save authorization
A vulnerability identified as problematic has been detected in Live CSS Preview Plugin up to 2.0.0 on WordPress. This affects
CVE-2025-12133 | EPROLO Dropshipping Plugin up to 2.3.1 on WordPress AJAX Endpoint wp_ajax_eprolo_delete_tracking authorization
A vulnerability labeled as problematic has been found in EPROLO Dropshipping Plugin up to 2.3.1 on WordPress. This impacts the
CVE-2025-12093 | Voidek Employee Portal Plugin up to 1.0.6 on WordPress authorization
A vulnerability marked as critical has been reported in Voidek Employee Portal Plugin up to 1.0.6 on WordPress. Affected is
CVE-2025-12355 | Payaza Plugin up to 0.3.8 on WordPress AJAX Endpoint wp_ajax_nopriv_update_order_status authorization
A vulnerability described as problematic has been identified in Payaza Plugin up to 0.3.8 on WordPress. Affected by this vulnerability
CVE-2025-12850 | My Auctions Allegro Plugin up to 3.6.32 on WordPress auction_id sql injection
A vulnerability classified as critical has been found in My Auctions Allegro Plugin up to 3.6.32 on WordPress. Affected by
CVE-2025-13625 | WP-SOS-Donate Donation Sidebar Plugin up to 0.9.2 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting
A vulnerability classified as problematic was found in WP-SOS-Donate Donation Sidebar Plugin up to 0.9.2 on WordPress. This affects an
CVE-2025-12154 | Auto Thumbnailer Plugin up to 1.0 on WordPress uploadThumb unrestricted upload
A vulnerability, which was classified as critical, has been found in Auto Thumbnailer Plugin up to 1.0 on WordPress. This
CVE-2025-12876 | Projectopia Plugin up to 5.1.19 on WordPress pto_delete_file authorization
A vulnerability, which was classified as critical, was found in Projectopia Plugin up to 5.1.19 on WordPress. This issue affects
CVE-2025-12130 | WC Vendors Plugin up to 2.6.4 on WordPress delete cross-site request forgery
A vulnerability has been found in WC Vendors Plugin up to 2.6.4 on WordPress and classified as problematic. Impacted is
CVE-2025-13860 | Easy Jump Links Menus Plugin up to 1.0.0 on WordPress Shortcode h_tags cross site scripting
A vulnerability was found in Easy Jump Links Menus Plugin up to 1.0.0 on WordPress and classified as problematic. The
CVE-2025-13620 | WP Social Login and Register Social Counter Plugin REST Endpoint wslu/v1/check_cache/ authorization
A vulnerability was found in WP Social Login and Register Social Counter Plugin up to 3.1.3 on WordPress. It has
CVE-2025-13144 | ContentStudio Plugin up to 1.3.7 on WordPress Setting add_cstu_settings cross-site request forgery
A vulnerability was found in ContentStudio Plugin up to 1.3.7 on WordPress. It has been declared as problematic. This affects
CVE-2025-12124 | FitVids Plugin up to 4.0.1 on WordPress Setting cross site scripting
A vulnerability was found in FitVids Plugin up to 4.0.1 on WordPress. It has been rated as problematic. This impacts
CVE-2025-12186 | Weekly Planner Plugin up to 1.0 on WordPress Setting cross site scripting
A vulnerability categorized as problematic has been discovered in Weekly Planner Plugin up to 1.0 on WordPress. Affected is an
CVE-2025-12373 | Torod Plugin up to 1.9 on WordPress Setting save_settings cross-site request forgery
A vulnerability identified as problematic has been detected in Torod Plugin up to 1.9 on WordPress. Affected by this vulnerability
CVE-2025-12368 | Sermon Manager Plugin up to 2.30.0 on WordPress Shortcode sermon-views cross site scripting
A vulnerability labeled as problematic has been found in Sermon Manager Plugin up to 2.30.0 on WordPress. Affected by this
CVE-2025-10055 | Time Sheets Plugin up to 2.1.3 on WordPress cross-site request forgery
A vulnerability marked as problematic has been reported in Time Sheets Plugin up to 2.1.3 on WordPress. This affects an
CVE-2025-13684 | ARK Related Posts Plugin up to 2.19 on WordPress Setting ark_rp_options_page cross-site request forgery
A vulnerability described as problematic has been identified in ARK Related Posts Plugin up to 2.19 on WordPress. This vulnerability
CVE-2025-13739 | CryptX Plugin up to 4.0.4 on WordPress Shortcode cryptx cross site scripting
A vulnerability classified as problematic has been found in CryptX Plugin up to 4.0.4 on WordPress. This issue affects the
CVE-2025-12879 | User Generator and Importer Plugin up to 1.2.2 on WordPress cross-site request forgery
A vulnerability classified as problematic was found in User Generator and Importer Plugin up to 1.2.2 on WordPress. Impacted is
CVE-2025-13678 | Thai Lottery Widget Plugin up to 2.5 on WordPress width/height cross site scripting
A vulnerability, which was classified as problematic, has been found in Thai Lottery Widget Plugin up to 2.5 on WordPress.
CVE-2025-13614 | Cool Tag Cloud Plugin up to 2.29 on WordPress Shortcode cool_tag_cloud cross site scripting
A vulnerability, which was classified as problematic, was found in Cool Tag Cloud Plugin up to 2.29 on WordPress. The
CVE-2025-13682 | Trail Manager Plugin up to 1.0.0 on WordPress Setting cross site scripting
A vulnerability has been found in Trail Manager Plugin up to 1.0.0 on WordPress and classified as problematic. This affects
CVE-2025-13621 | Dream Gallery Plugin up to 1.0 on WordPress Setting dreampluginsmain cross-site request forgery
A vulnerability was found in Dream Gallery Plugin up to 1.0 on WordPress and classified as problematic. This impacts the
openSUSE: python-mistralclient Moderate Local File Exposure CVE-2021-4472
An update that fixes one vulnerability is now available.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 25.10: CUPS Low Denial of Service Advisory USN-7912-1
CUPS could be made to stop responding if it received specially crafted network traffic.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 20.04: Linux IoT Kernel Critical System Flaws USN-7874-3
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
openSUSE Tumbleweed: Moderate Update for chromedriver 13 Issues 2025:15794
An update that solves 13 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: python-mistralclient Moderate Local File Inclusion CVE-2021-4472
An update that fixes one vulnerability is now available.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-54305 | Thermo Fisher Torrent Suite Django Application 5.18.1 LocalhostAuthMiddleware REMOTE_ADDR improper authentication
A vulnerability described as critical has been identified in Thermo Fisher Torrent Suite Django Application 5.18.1. The affected element is
CVE-2025-40256 | Linux Kernel up to 6.17.9 xfrm_state_delete_tunnel initialization
A vulnerability classified as critical has been found in Linux Kernel up to 6.17.9. The impacted element is the function
CVE-2025-40261 | Linux Kernel up to 6.6.117/6.12.59/6.17.9 nvme_fc_delete_ctrl information disclosure
A vulnerability classified as critical was found in Linux Kernel up to 6.6.117/6.12.59/6.17.9. This affects the function nvme_fc_delete_ctrl. The manipulation
CVE-2025-40264 | Linux Kernel up to 5.4.301/6.6.117/6.12.59/6.17.9 be_insert_vlan_in_pkt wrb_params null pointer dereference
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.301/6.6.117/6.12.59/6.17.9. This impacts the function
CVE-2025-40255 | Linux Kernel up to 6.17.9 generic_hwtstamp_ioctl_lower null pointer dereference
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.17.9. Affected is the function generic_hwtstamp_ioctl_lower.
CVE-2025-40258 | Linux Kernel up to 6.6.117/6.12.59/6.17.9 mptcp lib/refcount.c mptcp_schedule_work use after free
A vulnerability has been found in Linux Kernel up to 6.6.117/6.12.59/6.17.9 and classified as critical. Affected by this vulnerability is
CVE-2025-40259 | Linux Kernel up to 5.4.301/6.6.117/6.12.59/6.17.9 scsi sg_finish_rem_req privilege escalation
A vulnerability was found in Linux Kernel up to 5.4.301/6.6.117/6.12.59/6.17.9 and classified as critical. Affected by this issue is the
CVE-2025-40260 | Linux Kernel up to 6.17.9 scx_enable null pointer dereference
A vulnerability was found in Linux Kernel up to 6.17.9. It has been classified as critical. This affects the function
CVE-2025-40262 | Linux Kernel up to 6.6.117/6.12.59/6.17.9 imx_sc_key_action memory corruption
A vulnerability was found in Linux Kernel up to 6.6.117/6.12.59/6.17.9. It has been declared as critical. This vulnerability affects the
CVE-2025-40263 | Linux Kernel up to 5.4.301/6.6.117/6.12.59/6.17.9 cros_ec_keyb_register_matrix initialization
A vulnerability was found in Linux Kernel up to 5.4.301/6.6.117/6.12.59/6.17.9. It has been rated as critical. This issue affects the
CVE-2025-40266 | Linux Kernel up to 6.6.117/6.12.59/6.17.9 buffer overflow
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.117/6.12.59/6.17.9. Impacted is an unknown function. Such
CVE-2025-40221 | Linux Kernel up to 6.12.53/6.17.3 media uninitialized pointer
A vulnerability identified as critical has been detected in Linux Kernel up to 6.12.53/6.17.3. The affected element is an unknown
CVE-2025-40257 | Linux Kernel up to 6.6.117/6.12.59/6.17.9 mptcp_pm_del_add_timer use after free
A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.117/6.12.59/6.17.9. The impacted element is the function
CVE-2025-40265 | Linux Kernel up to 6.17.9 vfat sb_min_blocksize return value
A vulnerability marked as critical has been reported in Linux Kernel up to 6.17.9. This affects the function sb_min_blocksize of
CVE-2025-54307 | Thermo Fisher Torrent Suite Django Application up to 5.18.1 ZIP File Parser zip plupload_file_upload name/filename path traversal
A vulnerability described as critical has been identified in Thermo Fisher Torrent Suite Django Application up to 5.18.1. This impacts
CVE-2025-65346 | alexusmai laravel-file-manager up to 3.3.1 Extraction path traversal
A vulnerability classified as critical has been found in alexusmai laravel-file-manager up to 3.3.1. Affected is an unknown function of
CVE-2025-54160 | Synology BeeDrive for Desktop prior 1.4.2-13960 path traversal (SA_25_08)
A vulnerability classified as critical was found in Synology BeeDrive for Desktop. Affected by this vulnerability is an unknown functionality.
CVE-2025-54158 | Synology BeeDrive for Desktop prior 1.4.2-13960 missing authentication (SA_25_08)
A vulnerability, which was classified as critical, has been found in Synology BeeDrive for Desktop. Affected by this issue is
CVE-2025-8074 | Synology BeeDrive for Desktop 1.4.2-13960 origin validation (SA_25_09)
A vulnerability, which was classified as problematic, was found in Synology BeeDrive for Desktop 1.4.2-13960. This affects an unknown part.
CVE-2025-29843 | Synology Router Manager up to 1.3.1-9346-11 FileStation Thumb CGI path traversal (SA_25_04)
A vulnerability has been found in Synology Router Manager and classified as critical. This vulnerability affects unknown code of the
CVE-2025-54159 | Synology BeeDrive for desktop prior 1.4.2-13960 authorization (SA_25_08)
A vulnerability was found in Synology BeeDrive for desktop and classified as critical. This issue affects some unknown processing. The
CVE-2025-56427 | ComposioHQ 0.7.20 _download_file_or_dir path traversal
A vulnerability was found in ComposioHQ 0.7.20. It has been classified as critical. Impacted is the function _download_file_or_dir. This manipulation
CVE-2025-29844 | Synology Router Manager prior 1.3/1.3.1-9346-13 FileStation File CGI path traversal (SA_25_04)
A vulnerability was found in Synology Router Manager. It has been declared as critical. The affected element is an unknown
CVE-2025-29845 | Synology Router Manager up to 1.3.1-9346-11 VideoPlayer2 Subtitle CGI path traversal (SA_25_04)
A vulnerability was found in Synology Router Manager. It has been rated as critical. The impacted element is an unknown
CVE-2025-29846 | Synology Router Manager up to 1.3.1-9346-11 Portenable CGI path traversal (SA_25_04)
A vulnerability categorized as critical has been discovered in Synology Router Manager. This affects an unknown function of the component
CVE-2025-2848 | Synology Mail Server prior 1.7.6-10676/1.7.6-20676 Setting authorization (SA_25_05)
A vulnerability identified as critical has been detected in Synology Mail Server. This impacts an unknown function of the component
CVE-2025-65516 | Seafile Community Edition up to 13.0.11 SVG File cross site scripting
A vulnerability labeled as problematic has been found in Seafile Community Edition up to 13.0.11. Affected is an unknown function
CVE-2025-57210 | fuyang_lipengjun platform 1.0.0 ApiPayController.java access control
A vulnerability marked as critical has been reported in fuyang_lipengjun platform 1.0.0. Affected by this vulnerability is an unknown functionality
CVE-2025-57212 | fuyang_lipengjun platform 1.0.0 ApiOrderService.java access control
A vulnerability described as critical has been identified in fuyang_lipengjun platform 1.0.0. Affected by this issue is some unknown functionality
CVE-2025-57213 | fuyang_lipengjun platform 1.0.0 orderService.queryObject access control
A vulnerability classified as critical has been found in fuyang_lipengjun platform 1.0.0. This affects the function orderService.queryObject. Performing manipulation results
CVE-2025-13494 | SSP Debug Plugin up to 1.0.0 on WordPress ssp-debug.log information disclosure
A vulnerability classified as problematic was found in SSP Debug Plugin up to 1.0.0 on WordPress. This vulnerability affects unknown
CVE-2025-13313 | CRM Memberships Plugin up to 2.5 on WordPress AJAX Endpoint ntzcrm_changepassword authorization
A vulnerability, which was classified as critical, has been found in CRM Memberships Plugin up to 2.5 on WordPress. This
CVE-2025-13528 | Feedback Modal for Website Plugin up to 1.0.1 on WordPress handle_export export_data authorization
A vulnerability, which was classified as problematic, was found in Feedback Modal for Website Plugin up to 1.0.1 on WordPress.
CVE-2025-13006 | SurveyFunnel Plugin up to 1.1.5 on WordPress REST API Endpoint v2 improper authentication
A vulnerability has been found in SurveyFunnel Plugin up to 1.1.5 on WordPress and classified as critical. The affected element
CVE-2025-13312 | CRM Memberships Plugin up to 2.5 on WordPress ntzcrm_add_new_tag authorization
A vulnerability was found in CRM Memberships Plugin up to 2.5 on WordPress and classified as critical. The impacted element
CVE-2025-12191 | PDF Catalog for WooCommerce Plugin up to 1.1.18 on WordPress cross site scripting
A vulnerability was found in PDF Catalog for WooCommerce Plugin up to 1.1.18 on WordPress. It has been classified as
CVE-2025-12417 | SurveyFunnel Plugin up to 1.1.5 on WordPress Shortcode surveyfunnel_lite_survey cross site scripting
A vulnerability was found in SurveyFunnel Plugin up to 1.1.5 on WordPress. It has been declared as problematic. This impacts
CVE-2025-13362 | Norby AI Plugin up to 1.0.3 on WordPress Setting cross-site request forgery
A vulnerability was found in Norby AI Plugin up to 1.0.3 on WordPress. It has been rated as problematic. Affected
CVE-2025-12128 | Hide Categories Or Products On Shop Page Plugin up to 1.0.7 on WordPress save_data_hcps cross-site request forgery
A vulnerability categorized as problematic has been discovered in Hide Categories Or Products On Shop Page Plugin up to 1.0.7
CVE-2025-13360 | Quantic Social Image Hover Plugin up to 1.0.8 on WordPress Setting cross-site request forgery
A vulnerability identified as problematic has been detected in Quantic Social Image Hover Plugin up to 1.0.8 on WordPress. Affected
CVE-2025-12190 | wps Image Optimizer Plugin up to 1.2.0 on WordPress imagopby_ajax_optimize_gallery cross-site request forgery
A vulnerability labeled as problematic has been found in wps Image Optimizer Plugin up to 1.2.0 on WordPress. This affects
CVE-2025-13512 | CoSign Single Signon Plugin up to 0.3.1 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting
A vulnerability marked as problematic has been reported in CoSign Single Signon Plugin up to 0.3.1 on WordPress. This vulnerability
CVE-2025-12163 | Omnipress Plugin up to 1.6.3 on WordPress SVG File cross site scripting
A vulnerability described as problematic has been identified in Omnipress Plugin up to 1.6.3 on WordPress. This issue affects some
CVE-2025-12189 | Bread & Butter Plugin up to 7.10.1321 on WordPress uploadImage cross-site request forgery
A vulnerability classified as problematic has been found in Bread & Butter Plugin up to 7.10.1321 on WordPress. Impacted is
CVE-2025-12165 | Webcake Plugin up to 1.1 on WordPress webcake_save_config authorization
A vulnerability classified as problematic was found in Webcake Plugin up to 1.1 on WordPress. The affected element is the
CVE-2025-63364 | Waveshare RS232-485 to WIFI ETH missing encryption
A vulnerability, which was classified as problematic, has been found in Waveshare RS232-485 to WIFI ETH. The impacted element is
CVE-2025-66373 | Akamai Ghost 2025-03-26/2025-07-21 HTTP Request request smuggling
A vulnerability, which was classified as critical, was found in Akamai Ghost 2025-03-26/2025-07-21. This affects an unknown function of the
CVE-2025-66287 | WebKitGTK Web Content buffer overflow
A vulnerability has been found in WebKitGTK and classified as critical. This impacts an unknown function of the component Web
CVE-2025-14051 | youlaitech youlai-mall 1.0.0/2.0.0 addresses getById/updateAddress/deleteAddress improper control of dynamically-identified variables
A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0 and classified as critical. Affected is the function getById/updateAddress/deleteAddress of the file
CVE-2025-14052 | youlaitech youlai-mall 1.0.0/2.0.0 members getMemberById memberId access control
A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. It has been classified as critical. Affected by this vulnerability is the
Ubuntu 22.04 LTS: Linux Kernel Critical Security Flaws USN-7909-2
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 24.04 LTS: USN-7889-4 Linux Kernel Critical Flaws Fixed
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 25.04, USN-7879-4, Linux Kernel Important Security Issues
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 22.04 LTS: Critical Linux Kernel Vulnerabilities USN-7909-3 CVEs
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 22.04: Linux Kernel Critical Security Flaws USN-7909-1
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More