Today marks ten years since one of the deadliest terrorist attacks in recent European history was carried out in Paris
Vulnerabilities
Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion
Topic: Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion Risk: Medium Text:#!/usr/bin/env python3 # # # Logitech Streamlabs Desktop 1.19.6 (overlay)
Cisco Catalyst Center Privilege Escalation Vulnerability
A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges.
Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability
A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on
Cisco Catalyst Center REST API Command Injection Vulnerability
A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands
Cisco Catalyst Center Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a
Cisco Catalyst Center Virtual Appliance HTTP Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to
Debian: Chromium Critical Exec Code Risk DSA-6055-1 CVE-2025-13042
A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or
CVE-2025-12904 | otacke SNORDIAN’s H5PxAPIkatchu Plugin up to 0.4.17 on WordPress AJAX Endpoint insert_data cross site scripting
A vulnerability classified as problematic has been found in otacke SNORDIAN’s H5PxAPIkatchu Plugin up to 0.4.17 on WordPress. Impacted is
CVE-2025-12817 | PostgreSQL up to 18.0 CREATE STATISTICS Command authorization
A vulnerability was found in PostgreSQL up to 18.0. It has been classified as problematic. This affects an unknown function
CVE-2025-12818 | PostgreSQL up to 18.0 libpq Client Library integer overflow
A vulnerability was found in PostgreSQL up to 18.0. It has been declared as problematic. This impacts an unknown function
CVE-2025-12763 | pgAdmin 4 up to 9.9 on Windows File command injection (Issue 9323)
A vulnerability was found in pgAdmin 4 up to 9.9 on Windows. It has been rated as critical. Affected is
CVE-2025-12762 | pgAdmin 4 up to 9.9 PLAIN-format Dump File injection (Issue 9320)
A vulnerability categorized as problematic has been discovered in pgAdmin 4 up to 9.9. Affected by this vulnerability is an
CVE-2025-41069 | T-Innova DeporSite DSuite 2025 02.14.1115 obtenerDatosConsentimientos idUsuario authorization
A vulnerability identified as problematic has been detected in T-Innova DeporSite DSuite 2025 02.14.1115. Affected by this issue is some
CVE-2025-12764 | pgAdmin up to 9.9 DC/LDAP Username ldap injection (Issue 9325)
A vulnerability labeled as problematic has been found in pgAdmin up to 9.9. This affects an unknown part of the
CVE-2025-40681 | xCally Omnichannel 3.30.1 URL /login failureMessage cross site scripting
A vulnerability marked as problematic has been reported in xCally Omnichannel 3.30.1. This vulnerability affects unknown code of the file
CVE-2025-12765 | pgAdmin 4 up to 9.9 TLS Certificate certificate validation (Issue 9324)
A vulnerability described as critical has been identified in pgAdmin 4 up to 9.9. This issue affects some unknown processing
CVE-2025-13121 | cameasy Liketea 1.0.0 API Endpoint StoreController.php list lng/lat sql injection
A vulnerability, which was classified as critical, was found in cameasy Liketea 1.0.0. Impacted is the function list of the
CVE-2025-13122 | SourceCodester Patients Waiting Area Queue Management System 1.0 api_patient_checkin.php getPatientAppointment appointmentID sql injection
A vulnerability has been found in SourceCodester Patients Waiting Area Queue Management System 1.0 and classified as critical. The affected
CVE-2025-13123 | AMTT Hotel Broadband Operation System 1.0 get_firstdate.php uid sql injection
A vulnerability was found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. The impacted element is an
CVE-2025-64259 | Jeroen Schmit Theater for WordPress Plugin up to 0.18.8 on WordPress authorization
A vulnerability was found in Jeroen Schmit Theater for WordPress Plugin up to 0.18.8 on WordPress. It has been rated
CVE-2025-64267 | WPSwings WooCommerce Ultimate Points and Rewards Plugin up to 2.10.2 on WordPress exposure of sensitive system information to an unauthorized control sphere
A vulnerability categorized as problematic has been discovered in WPSwings WooCommerce Ultimate Points and Rewards Plugin up to 2.10.2 on
CVE-2025-64269 | EDGARROJAS WooCommerce PDF Invoice Builder Plugin up to 1.2.150 on WordPress authorization
A vulnerability identified as critical has been detected in EDGARROJAS WooCommerce PDF Invoice Builder Plugin up to 1.2.150 on WordPress.
CVE-2025-64379 | Pluggabl Booster for WooCommerce Plugin up to 7.4.0 on WordPress authorization
A vulnerability labeled as critical has been found in Pluggabl Booster for WooCommerce Plugin up to 7.4.0 on WordPress. The
CVE-2025-64382 | WebToffee Order Export & Order Import for WooCommerce Plugin authorization
A vulnerability marked as critical has been reported in WebToffee Order Export & Order Import for WooCommerce Plugin up to
CVE-2025-64261 | codepeople Appointment Booking Calendar Plugin up to 1.3.95 on WordPress authorization
A vulnerability described as critical has been identified in codepeople Appointment Booking Calendar Plugin up to 1.3.95 on WordPress. This
CVE-2025-64265 | N-Media Frontend File Manager Plugin up to 23.2 on WordPress authorization
A vulnerability classified as critical has been found in N-Media Frontend File Manager Plugin up to 23.2 on WordPress. Affected
CVE-2025-64274 | wpkoithemes WPKoi Templates for Elementor Plugin up to 3.4.4 on WordPress authorization
A vulnerability classified as critical was found in wpkoithemes WPKoi Templates for Elementor Plugin up to 3.4.4 on WordPress. Affected
CVE-2025-64276 | Ays Pro Survey Maker Plugin up to 5.1.9.4 on WordPress authorization
A vulnerability, which was classified as critical, has been found in Ays Pro Survey Maker Plugin up to 5.1.9.4 on
CVE-2025-64277 | QuantumCloud ChatBot Plugin up to 7.3.9 on WordPress authorization
A vulnerability, which was classified as critical, was found in QuantumCloud ChatBot Plugin up to 7.3.9 on WordPress. This affects
CVE-2025-64370 | YOP Poll Plugin up to 6.5.38 on WordPress authorization
A vulnerability has been found in YOP Poll Plugin up to 6.5.38 on WordPress and classified as critical. This vulnerability
CVE-2025-64369 | codepeople Contact Form Email Plugin up to 1.3.58 on WordPress authorization
A vulnerability was found in codepeople Contact Form Email Plugin up to 1.3.58 on WordPress and classified as critical. This
CVE-2025-64263 | PluginEver WP Content Pilot Plugin up to 2.1.7 on WordPress authorization
A vulnerability was found in PluginEver WP Content Pilot Plugin up to 2.1.7 on WordPress. It has been classified as
CVE-2025-64384 | jetmonsters JetFormBuilder Plugin up to 3.5.3 on WordPress authorization
A vulnerability was found in jetmonsters JetFormBuilder Plugin up to 3.5.3 on WordPress. It has been declared as critical. The
CVE-2025-64292 | PascalBajorat Analytics Germanized for Google Analytics Plugin up to 1.6.2 on WordPress cross site scripting
A vulnerability was found in PascalBajorat Analytics Germanized for Google Analytics Plugin up to 1.6.2 on WordPress. It has been
CVE-2025-64380 | Pluggabl Booster for WooCommerce Plugin up to 7.3.2 on WordPress cross site scripting
A vulnerability categorized as problematic has been discovered in Pluggabl Booster for WooCommerce Plugin up to 7.3.2 on WordPress. This
CVE-2025-64262 | Ramon Fincken Auto Prune Posts Plugin up to 3.0.0 on WordPress cross-site request forgery
A vulnerability identified as problematic has been detected in Ramon Fincken Auto Prune Posts Plugin up to 3.0.0 on WordPress.
CVE-2025-64264 | Aman Popup Addon for Ninja Forms Plugin up to 3.5.1 on WordPress cross site scripting
A vulnerability labeled as problematic has been found in Aman Popup Addon for Ninja Forms Plugin up to 3.5.1 on
CVE-2025-64275 | wpdevelop Booking Manager Plugin up to 2.1.17 on WordPress cross site scripting
A vulnerability marked as problematic has been reported in wpdevelop Booking Manager Plugin up to 2.1.17 on WordPress. Affected by
CVE-2025-64381 | wpdevelop Booking Calendar Plugin up to 10.14.7 on WordPress cross site scripting
A vulnerability described as problematic has been identified in wpdevelop Booking Calendar Plugin up to 10.14.7 on WordPress. Affected by
CVE-2025-64383 | Qode Qi Blocks Plugin up to 1.4.3 on WordPress cross site scripting
A vulnerability classified as problematic has been found in Qode Qi Blocks Plugin up to 1.4.3 on WordPress. This affects
CVE-2025-7704 | SMCI SYS-111C-NR BMC 1.04.11 Insyde SMASH Shell Program stack-based overflow
A vulnerability classified as critical was found in SMCI SYS-111C-NR BMC 1.04.11. This vulnerability affects unknown code of the component
CVE-2025-64271 | HasThemes WP Plugin Manager up to 1.4.7 on WordPress cross-site request forgery
A vulnerability, which was classified as problematic, has been found in HasThemes WP Plugin Manager up to 1.4.7 on WordPress.
CVE-2025-13119 | Fabian Ros/SourceCodester Simple E-Banking System 1.0 cross-site request forgery
A vulnerability was found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. It has been classified as problematic. This affects an
CVE-2025-13120 | mruby up to 3.4.0 src/array.c sort_cmp use after free (Issue 6649)
A vulnerability was found in mruby up to 3.4.0. It has been declared as critical. This vulnerability affects the function
CVE-2025-40206 | Linux Kernel up to 6.6.112/6.12.53/6.17.3 nft_objref state issue
A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.112/6.12.53/6.17.3. The impacted element is the function
CVE-2025-40191 | Linux Kernel up to 6.17.3 amdkfd kfd_lookup_process_by_pid null pointer dereference
A vulnerability described as critical has been identified in Linux Kernel up to 6.17.3. This affects the function kfd_lookup_process_by_pid of
CVE-2025-36223 | IBM OpenPages 9.0/9.1 HTTP Header http headers for scripting syntax
A vulnerability classified as critical has been found in IBM OpenPages 9.0/9.1. This impacts an unknown function of the component
CVE-2025-12048 | Lenovo Scanner Pro up to 1.0.0.4 unrestricted upload
A vulnerability classified as critical was found in Lenovo Scanner Pro up to 1.0.0.4. Affected is an unknown function. Such
CVE-2025-46428 | Dell SmartFabric OS10 Software up to 10.6.0.5 command injection (dsa-2025-407)
A vulnerability, which was classified as critical, has been found in Dell SmartFabric OS10 Software up to 10.6.0.5. Affected by
CVE-2025-64186 | evervault evervault-go up to 1.3.1 TLS Certificate signature verification (GHSA-88h9-77c7-p6w4)
A vulnerability, which was classified as problematic, was found in evervault evervault-go up to 1.3.1. Affected by this issue is
CVE-2025-33119 | IBM QRadar Security Information and Event Management up to 7.5.0 UP14 Configuration File password in configuration file
A vulnerability has been found in IBM QRadar Security Information and Event Management up to 7.5.0 UP14 and classified as
CVE-2011-10034 | IRAI AUTOMGEN up to 8.0.0.7 use after free (Exploit 17964 / EDB-17964)
A vulnerability was found in IRAI AUTOMGEN up to 8.0.0.7 and classified as critical. This vulnerability affects unknown code. The
CVE-2017-20211 | UCanCode.Net E-XD++ Visualization Enterprise Suite TKDRAWCAD.TKDrawCADCtrl.1 out-of-range pointer offset (ZDI-17-422)
A vulnerability was found in UCanCode.Net E-XD++ Visualization Enterprise Suite. It has been classified as critical. This issue affects some
CVE-2022-4983 | TEC-IT TBarCode 11.15 TBarCode11.ocx file inclusion
A vulnerability was found in TEC-IT TBarCode 11.15. It has been declared as critical. Impacted is an unknown function of
CVE-2025-64517 | trifectatechfoundation sudo-rs up to 0.2.9 improper authentication (GHSA-q428-6v73-fc4q / Nessus ID 274962)
A vulnerability was found in trifectatechfoundation sudo-rs up to 0.2.9. It has been rated as critical. The affected element is
CVE-2025-46608 | Dell Data Lakehouse up to 1.6.0.0 access control (dsa-2025-375)
A vulnerability categorized as critical has been discovered in Dell Data Lakehouse up to 1.6.0.0. The impacted element is an
CVE-2025-12047 | Lenovo Scanner Pro up to 1.2.6 certificate validation
A vulnerability identified as critical has been detected in Lenovo Scanner Pro up to 1.2.6. This affects an unknown function.
CVE-2025-46427 | Dell SmartFabric OS10 Software up to 10.6.0.5 command injection (dsa-2025-407)
A vulnerability labeled as critical has been found in Dell SmartFabric OS10 Software up to 10.6.0.5. This impacts an unknown
CVE-2025-64523 | filebrowser up to 2.45.0 improper authorization (GHSA-6cqf-cfhv-659g)
A vulnerability marked as critical has been reported in filebrowser up to 2.45.0. Affected is an unknown function. This manipulation
CVE-2025-59367 | ASUS DSL-AC51/DSL-N16/DSL-AC750 authentication bypass
A vulnerability described as critical has been identified in ASUS DSL-AC51, DSL-N16 and DSL-AC750. Affected by this vulnerability is an
CVE-2025-64716 | TecharoHQ anubis up to 1.22.x cross site scripting (GHSA-cf57-c578-7jvv)
A vulnerability classified as problematic has been found in TecharoHQ anubis up to 1.22.x. Affected by this issue is some
CVE-2016-15055 | JVC IP-Camera up to 2016-08-22 Checkcgi Endpoint path traversal (Exploit 40282 / EDB-40282)
A vulnerability classified as critical was found in JVC IP-Camera up to 2016-08-22. This affects an unknown part of the
CVE-2021-4464 | FiberHome AN5506-04-FA/HG6245D HTTP Service Cookie stack-based overflow
A vulnerability, which was classified as critical, has been found in FiberHome AN5506-04-FA and HG6245D. This vulnerability affects unknown code
CVE-2023-7326 | Seiko Epson Epson Stylus SX510W up to 2023-05-13 Web Management Services INDEX.HTML resource consumption (Exploit 51441 / EDB-51441)
A vulnerability, which was classified as problematic, was found in Seiko Epson Epson Stylus SX510W up to 2023-05-13. This issue
CVE-2023-7327 | Ozeki SMS Gateway up to 10.3.208 path traversal (Exploit 51646 / EDB-51646)
A vulnerability has been found in Ozeki SMS Gateway up to 10.3.208 and classified as critical. Impacted is an unknown
CVE-2023-7329 | tinycontrol Lan Controller up to 1.58a Requests stm.cgi missing authentication (ID 174455 / EDB-51730)
A vulnerability was found in tinycontrol Lan Controller up to 1.58a and classified as critical. The affected element is an
CVE-2025-64170 | trifectatechfoundation sudo-rs up to 0.2.9 missing password field masking (GHSA-c978-wq47-pvvw / Nessus ID 274961)
A vulnerability was found in trifectatechfoundation sudo-rs up to 0.2.9. It has been classified as problematic. The impacted element is
CVE-2025-64345 | bytecodealliance wasmtime up to 24.0.4/36.0.2/37.0.2/38.0.3 Shared Memory Page Memory::new race condition (GHSA-hc7m-r6v8-hg9q)
A vulnerability was found in bytecodealliance wasmtime up to 24.0.4/36.0.2/37.0.2/38.0.3. It has been declared as problematic. This affects the function
CVE-2025-64705 | Frappe LMS up to 2.40.x information disclosure (GHSA-qrvv-6g7r-g3v8)
A vulnerability was found in Frappe LMS up to 2.40.x. It has been rated as problematic. This impacts an unknown
CVE-2025-64707 | Frappe LMS up to 2.40.x authorization (GHSA-w2gf-rchw-x6vm)
A vulnerability categorized as problematic has been discovered in Frappe LMS up to 2.40.x. Affected is an unknown function. The
CVE-2021-4463 | Shenzhen Longjing BEMS API up to 1.21 fileName file access (ID 163702 / EDB-50163)
A vulnerability identified as problematic has been detected in Shenzhen Longjing BEMS API up to 1.21. Affected by this vulnerability
CVE-2025-64117 | Enalean Tuleap Community Edition/Tuleap Enterprise Edition cross-site request forgery (GHSA-p2f7-qw8p-f2p7)
A vulnerability labeled as problematic has been found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. Affected by this
CVE-2025-10495 | Lenovo App Store/PC Manager/Browser/Legion Zone certificate validation
A vulnerability marked as critical has been reported in Lenovo App Store, PC Manager, Browser and Legion Zone. This affects
CVE-2025-8421 | Lenovo Dock Manager prior 1.6.5.2 Installation default permission
A vulnerability described as critical has been identified in Lenovo Dock Manager. This vulnerability affects unknown code of the component
CVE-2025-64482 | Enalean Tuleap Community Edition/Tuleap Enterprise Edition cross-site request forgery (GHSA-w7h4-9vf6-q7rc)
A vulnerability classified as problematic has been found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. This issue affects
CVE-2024-48829 | Dell SmartFabric OS10 Software up to 10.6.0.5 code injection (dsa-2025-407)
A vulnerability classified as critical was found in Dell SmartFabric OS10 Software up to 10.6.0.5. Impacted is an unknown function.
CVE-2022-4982 | DBL GoIP-1 up to GHSFVT-1.1-67-5 frame.html path filename control (EDB-50775)
A vulnerability, which was classified as problematic, has been found in DBL GoIP-1 up to GHSFVT-1.1-67-5. The affected element is
CVE-2025-64711 | PrivateBin up to 2.0.2 File cross site scripting (GHSA-r9x7-7ggj-fx9f)
A vulnerability, which was classified as problematic, was found in PrivateBin up to 2.0.2. The impacted element is an unknown
CVE-2025-8485 | Lenovo App Store 5.1.110.5082/9.0.17 Installation default permission
A vulnerability has been found in Lenovo App Store 5.1.110.5082/9.0.17 and classified as critical. This affects an unknown function of
CVE-2025-64710 | bitfoundation bitplatform up to 9.11.2 WebInteropApp/WebAppInterop cross site scripting (GHSA-rv95-xj37-7c3w)
A vulnerability was found in bitfoundation bitplatform up to 9.11.2 and classified as problematic. This impacts an unknown function of
CVE-2025-63645 | pH7Software pH7-Social-Dating-CMS 17.9.1 cross site scripting
A vulnerability was found in pH7Software pH7-Social-Dating-CMS 17.9.1. It has been classified as problematic. Affected is an unknown function. The
CVE-2025-12844 | AI Engine Plugin up to 3.1.8 on WordPress Phar Deserialization rest_simpleTranscribeAudio deserialization
A vulnerability was found in AI Engine Plugin up to 3.1.8 on WordPress. It has been declared as critical. Affected
CVE-2025-12015 | Convert WebP & AVIF Plugin up to 2.0.0 on WordPress wp_ajax_wpqai_disconnect_quicq_afosto authorization
A vulnerability was found in Convert WebP & AVIF Plugin up to 2.0.0 on WordPress. It has been rated as
CVE-2025-12681 | Comment Edit Core Plugin up to 3.1.0 on WordPress Email Address ajax_get_comment information disclosure
A vulnerability categorized as problematic has been discovered in Comment Edit Core Plugin up to 3.1.0 on WordPress. This affects
CVE-2025-12377 | Gallery Plugin up to 1.12.0 on WordPress authorization
A vulnerability identified as critical has been detected in Gallery Plugin up to 1.12.0 on WordPress. This vulnerability affects unknown
CVE-2025-10295 | Angel Plugin up to 3.2.3 on WordPress Media Upload cross site scripting
A vulnerability labeled as problematic has been found in Angel Plugin up to 3.2.3 on WordPress. This issue affects some
CVE-2025-8397 | Save as PDF Button Plugin up to 1.9.2 on WordPress Shortcode restpackpdfbutton cross site scripting
A vulnerability marked as problematic has been reported in Save as PDF Button Plugin up to 1.9.2 on WordPress. Impacted
CVE-2025-11260 | WP Headless CMS Framework Plugin up to 1.15 on WordPress Authorization Header protection mechanism
A vulnerability described as critical has been identified in WP Headless CMS Framework Plugin up to 1.15 on WordPress. The
CVE-2025-11769 | Content Flipper Plugin up to 0.1 on WordPress Shortcode flipper_front bgcolor cross site scripting
A vulnerability classified as problematic has been found in Content Flipper Plugin up to 0.1 on WordPress. The impacted element
CVE-2025-13114 | macrozheng mall-swarm up to 1.0.3 /cart/update/attr updateAttr improper authorization
A vulnerability classified as critical was found in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the
CVE-2025-13115 | macrozheng mall-swarm up to 1.0.3 Order Details /order/detail/ detail orderId improper authorization
A vulnerability, which was classified as problematic, has been found in macrozheng mall-swarm up to 1.0.3. This impacts the function
CVE-2025-13116 | macrozheng mall-swarm up to 1.0.3 /order/cancelUserOrder orderId improper authorization
A vulnerability, which was classified as critical, was found in macrozheng mall-swarm up to 1.0.3. Affected is the function cancelUserOrder
CVE-2025-13117 | macrozheng mall-swarm up to 1.0.3 /order/cancelOrder orderId improper authorization
A vulnerability has been found in macrozheng mall-swarm up to 1.0.3 and classified as critical. Affected by this vulnerability is
CVE-2025-13118 | macrozheng mall-swarm up to 1.0.3 /order/paySuccess orderID improper authorization
A vulnerability was found in macrozheng mall-swarm up to 1.0.3 and classified as critical. Affected by this issue is the
Fedora 43: firefox 145.0 Important Update 2025-2d9e01e0fc
Updated to latest upstream (145.0)LinuxSecurity – Security AdvisoriesRead More
Fedora 43: rubygem-rack Moderate Denial Service Update 2025-b6e0f437b6
Update to Rack 3.1.19LinuxSecurity – Security AdvisoriesRead More
Fedora 42: rubygem-rack Critical Denial Of Service Fix 2025-eae2126736
Update to Rack 2.2.21LinuxSecurity – Security AdvisoriesRead More
Fedora 42: Skopeo Critical Security Issue CVE-2025-58189, CVE-2025-61725
Security fix for CVE-2025-58189 and CVE-2025-61725LinuxSecurity – Security AdvisoriesRead More
Fedora 41: Critical Log Injection and DoS Risks in rubygem-rack 2.2.21
Update to Rack 2.2.21LinuxSecurity – Security AdvisoriesRead More
Fedora 42: Critical Audio Playback Issues in WebKitGTK Resolved Now
Update to WebKitGTK 2.50.1: Improve text rendering performance. Fix audio playback broken on instagram. Fix rendering of layers with fractional