Prisma AIRS integrates with Azure AI Foundry for real-time AI security. Protect against prompt injection, data loss, malicious code and
Vulnerabilities
Mageia 9: Apache Important Security Issues MGASA-2025-0301
MGASA-2025-0301 – Updated apache packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
Mageia 9: PostgreSQL Critical Create Privilege Issue MGASA-2025-0302
MGASA-2025-0302 – Updated postgresql15 & postgresql13 packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
CVE-2025-13349 | SourceCodester Student Grades Management System 1.0 Add New Grade Page /grades.php Remarks cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Student Grades Management System 1.0. This issue affects some unknown
CVE-2025-10089 | Mitsubishi Electric MILCO.S Setting Application MILCO.S Lighting Control.exe uncontrolled search path
A vulnerability classified as problematic was found in Mitsubishi Electric MILCO.S Setting Application, MILCO.S Easy Setting Application and MILCO.S Easy
CVE-2025-7623 | SMCI MBD-X13SEDW-F 01.04.11 SMASH stack-based overflow
A vulnerability, which was classified as critical, has been found in SMCI MBD-X13SEDW-F 01.04.11. The affected element is an unknown
CVE-2025-8404 | SMCI MBD-X13SEDW-F 01.03.48 Shared Library stack-based overflow
A vulnerability, which was classified as critical, was found in SMCI MBD-X13SEDW-F 01.03.48. The impacted element is an unknown function
CVE-2025-8076 | SMCI MBD-X13SEDW-F 01.03.48 Web stack-based overflow
A vulnerability has been found in SMCI MBD-X13SEDW-F 01.03.48 and classified as critical. This affects an unknown function of the
CVE-2025-8727 | SMCI X13SEDW-F 01.03.48 stack-based overflow
A vulnerability was found in SMCI X13SEDW-F 01.03.48 and classified as critical. This impacts an unknown function. Executing manipulation can
CVE-2025-40547 | SolarWinds Serv-U escape output
A vulnerability was found in SolarWinds Serv-U. It has been classified as critical. Affected is an unknown function. The manipulation
CVE-2025-40548 | SolarWinds Serv-U privileges management
A vulnerability was found in SolarWinds Serv-U. It has been declared as critical. Affected by this vulnerability is an unknown
CVE-2025-40549 | SolarWinds Serv-U path traversal
A vulnerability was found in SolarWinds Serv-U. It has been rated as critical. Affected by this issue is some unknown
CVE-2025-26391 | SolarWinds Observability Self-Hosted cross site scripting
A vulnerability categorized as problematic has been discovered in SolarWinds Observability Self-Hosted. This affects an unknown part. Such manipulation leads
CVE-2025-11230 | HAProxy mjson Parsing Library denial of service
A vulnerability identified as problematic has been detected in HAProxy. This vulnerability affects unknown code of the component mjson Parsing
Ubuntu 25.10 Freeglut Important Memory Leak DoS USN-7870-1
Several security issues were fixed in Freeglut.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-13226 | Google Chrome up to 141.0.7390.122 V8 type confusion (ID 446113)
A vulnerability was found in Google Chrome. It has been classified as critical. Affected by this issue is some unknown
CVE-2025-13227 | Google Chrome up to 141.0.7390.122 V8 type confusion (ID 446122)
A vulnerability was found in Google Chrome. It has been declared as critical. This affects an unknown part of the
CVE-2025-48593 | Google Android 13/14/15/16 bta_hf_client_main.cc bta_hf_client_cb_init use after free
A vulnerability was found in Google Android 13/14/15/16. It has been rated as critical. This vulnerability affects the function bta_hf_client_cb_init
CVE-2025-13223 | Google Chrome up to 142.0.7444.166 V8 type confusion (ID 460017)
A vulnerability categorized as critical has been discovered in Google Chrome. This issue affects some unknown processing of the component
CVE-2025-13230 | Google Chrome up to 141.0.7390.122 V8 type confusion (ID 446124)
A vulnerability identified as critical has been detected in Google Chrome. Impacted is an unknown function of the component V8.
CVE-2025-36461 | Dell ControlVault3/ControlVault3 Plus ControlVault WBDI Driver buffer access with incorrect length value (dsa-2025-228)
A vulnerability labeled as critical has been found in Dell ControlVault3 and ControlVault3 Plus. The affected element is an unknown
CVE-2025-13228 | Google Chrome up to 141.0.7390.122 V8 type confusion (ID 446124)
A vulnerability marked as critical has been reported in Google Chrome. The impacted element is an unknown function of the
CVE-2025-13229 | Google Chrome up to 141.0.7390.122 V8 type confusion (ID 446113)
A vulnerability described as critical has been identified in Google Chrome. This affects an unknown function of the component V8.
CVE-2025-13224 | Google Chrome up to 142.0.7444.166 V8 type confusion (ID 450328)
A vulnerability classified as critical has been found in Google Chrome. This impacts an unknown function of the component V8.
CVE-2025-31649 | Dell ControlVault3/ControlVault3 Plus ControlVault WBDI Driver uninitialized resource (dsa-2025-228)
A vulnerability classified as problematic was found in Dell ControlVault3 and ControlVault3 Plus. Affected is an unknown function of the
CVE-2025-36462 | Dell ControlVault3/ControlVault3 Plus ControlVault WBDI Driver buffer access with incorrect length value (dsa-2025-228)
A vulnerability, which was classified as critical, has been found in Dell ControlVault3 and ControlVault3 Plus. Affected by this vulnerability
CVE-2025-36463 | Dell ControlVault3/ControlVault3 Plus ControlVault WBDI Driver buffer access with incorrect length value (dsa-2025-228)
A vulnerability, which was classified as critical, was found in Dell ControlVault3 and ControlVault3 Plus. Affected by this issue is
CVE-2025-36460 | Dell ControlVault3/ControlVault3 Plus ControlVault WBDI Driver buffer access with incorrect length value (dsa-2025-228)
A vulnerability has been found in Dell ControlVault3 and ControlVault3 Plus and classified as critical. This affects an unknown part
CVE-2025-32089 | Dell ControlVault3/ControlVault3 Plus ControlVault CvManager_SBI buffer overflow (dsa-2025-228)
A vulnerability was found in Dell ControlVault3 and ControlVault3 Plus and classified as critical. This vulnerability affects the function CvManager_SBI
CVE-2025-6599 | Zyxel DX3301-T0 up to 5.50(ABVY.6.3)C0 Web Management Interface resource consumption
A vulnerability was found in Zyxel DX3301-T0 up to 5.50(ABVY.6.3)C0. It has been classified as problematic. This issue affects some
CVE-2025-8693 | Zyxel DX3300-T0 up to 5.50(ABVY.6.3)C0 priv os command injection
A vulnerability was found in Zyxel DX3300-T0 up to 5.50(ABVY.6.3)C0. It has been declared as critical. Impacted is an unknown
CVE-2025-31361 | Dell ControlVault3/ControlVault3 Plus ControlVault WBDI Driver uninitialized resource (dsa-2025-228)
A vulnerability was found in Dell ControlVault3 and ControlVault3 Plus. It has been rated as problematic. The affected element is
CVE-2025-36553 | Dell ControlVault3/ControlVault3 Plus ControlVault CvManager buffer overflow (dsa-2025-228)
A vulnerability categorized as critical has been discovered in Dell ControlVault3 and ControlVault3 Plus. The impacted element is the function
CVE-2025-64766 | NixOS nixpkgs up to 25.4/25.10 hard-coded credentials (GHSA-58m4-5wg3-5g5v)
A vulnerability identified as critical has been detected in NixOS nixpkgs up to 25.4/25.10. This affects an unknown function. The
CVE-2025-52457 | Gallagher HBUS Devices timing discrepancy
A vulnerability labeled as problematic has been found in Gallagher HBUS Devices. This impacts an unknown function. The manipulation results
CVE-2025-64734 | Gallagher T21 Reader release of resource
A vulnerability marked as problematic has been reported in Gallagher T21 Reader. Affected is an unknown function. This manipulation causes
CVE-2025-52578 | Gallagher High Sec End of Line Module prng seed
A vulnerability described as problematic has been identified in Gallagher High Sec End of Line Module. Affected by this vulnerability
CVE-2025-12792 | Canva up to 1.117.0 on macOS default permission
A vulnerability classified as critical has been found in Canva up to 1.117.0 on macOS. Affected by this issue is
CVE-2025-12545 | Pixel Manager for WooCommerce Plugin up to 1.49.2 on WordPress ajax_pmw_get_product_ids information disclosure
A vulnerability classified as problematic was found in Pixel Manager for WooCommerce Plugin up to 1.49.2 on WordPress. This affects
CVE-2025-13069 | Enable SVG, WebP, and ICO Upload Plugin up to 1.1.2 on WordPress ICO File unrestricted upload
A vulnerability, which was classified as critical, has been found in Enable SVG, WebP, and ICO Upload Plugin up to
CVE-2025-12955 | delabon Live Sales Notification for Woocommerce Plugin up to 2.3.39 on WordPress Customer Information getOrders authorization
A vulnerability, which was classified as problematic, was found in delabon Live Sales Notification for Woocommerce Plugin up to 2.3.39
CVE-2025-12481 | WP Duplicate Page Plugin up to 1.7 on WordPress saveSettings authorization
A vulnerability has been found in WP Duplicate Page Plugin up to 1.7 on WordPress and classified as problematic. Impacted
CVE-2025-13196 | Element Pack Addons for Elementor Plugin up to 8.3.4 on WordPress Street Map Widget render cross site scripting
A vulnerability was found in Element Pack Addons for Elementor Plugin up to 8.3.4 on WordPress and classified as problematic.
CVE-2025-11427 | WP Migrate Lite Plugin up to 2.7.6 on WordPress wpmdb_flush server-side request forgery
A vulnerability was found in WP Migrate Lite Plugin up to 2.7.6 on WordPress. It has been classified as critical.
CVE-2025-8084 | AI Engine Plugin up to 3.1.8 on WordPress rest_helpers_create_images server-side request forgery
A vulnerability was found in AI Engine Plugin up to 3.1.8 on WordPress. It has been declared as critical. This
CVE-2025-12376 | Icon List Block Plugin up to 1.2.1 on WordPress fs_api_request server-side request forgery
A vulnerability was found in Icon List Block Plugin up to 1.2.1 on WordPress. It has been rated as critical.
CVE-2025-13343 | SourceCodester Interview Management System 1.0 /editQuestion.php Question cross site scripting
A vulnerability categorized as problematic has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of
CVE-2025-13344 | SourceCodester Train Station Ticketing System 1.0 /ajax.php?action=login Username sql injection
A vulnerability identified as critical has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is
CVE-2025-13345 | SourceCodester Train Station Ticketing System 1.0 ajax.php?action=save_ticket sql injection
A vulnerability labeled as critical has been found in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is
CVE-2025-13346 | SourceCodester Train Station Ticketing System 1.0 ajax.php?action=save_station id/station sql injection
A vulnerability marked as critical has been reported in SourceCodester Train Station Ticketing System 1.0. This affects an unknown part
CVE-2025-13347 | SourceCodester Train Station Ticketing System 1.0 ajax.php?action=save_user Username sql injection
A vulnerability described as critical has been identified in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code
Fedora 41: FVWM3 Critical Update for Command Injection CVE-2025-47906
FVWM3 ver. 1.1.4LinuxSecurity – Security AdvisoriesRead More
Fedora 42: fvwm3 Critical CVE-2025-47906 Window Manager Update
FVWM3 ver. 1.1.4LinuxSecurity – Security AdvisoriesRead More
Fedora 42: Advisory on Chromium CVE-2025-13042 High Risk Vulnerability
Update to 142.0.7444.162 * High CVE-2025-13042: Inappropriate implementation in V8LinuxSecurity – Security AdvisoriesRead More
Mageia 9: Bug Fix Advisory MGAA-2025-0097 for VirtualBox KVM Conflict
MGAA-2025-0097 – Updated virtualbox & kmod-virtualbox packages fix bugLinuxSecurity – Security AdvisoriesRead More
Debian 11: Libwebsockets Critical DoS and Buffer Overflow DLA-4373-1
Libwebsockets (LWS) is a flexible, lightweight pure C library for implementing modern network protocols easily with a tiny footprint, using
Mageia 9: MGAA-2025-0099 Bugfix on Updated Packages with ICU 73
MGAA-2025-0099 – Updated packages using updated icu to fix bugLinuxSecurity – Security AdvisoriesRead More
Mageia 9: python-packaging Bugfix for Playback Issue MGAA-2025-0098
MGAA-2025-0098 – Updated python-packaging, python-hatchling & yt-dlp packages fix bugLinuxSecurity – Security AdvisoriesRead More
Mageia 9 Gnome-Builder Bug Fix Release Notice MGAA-2025-0100
MGAA-2025-0100 – Updated gnome-builder, gnucash, kdeplasma-addons, evolution-data-server, kbibtex, geary packages fix bugLinuxSecurity – Security AdvisoriesRead More
Mageia 9: Firefox High Spoofing Race Condition Fix MGASA-2025-0300
MGASA-2025-0300 – Updated firefox packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
CVE-2024-44658 | PHPGurukul Complaint Management System 2.0 subcategory.php subcategory/category sql injection
A vulnerability marked as critical has been reported in PHPGurukul Complaint Management System 2.0. The affected element is an unknown
CVE-2024-44663 | PHPGurukul Online Shopping Portal 2.0 search-result.php Product sql injection
A vulnerability described as critical has been identified in PHPGurukul Online Shopping Portal 2.0. The impacted element is an unknown
CVE-2024-44659 | PHPGurukul Online Shopping Portal 2.0 forgot-password.php email sql injection
A vulnerability classified as critical has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown function of
CVE-2024-44664 | PHPGurukul Online Shopping Portal 2.0 product-details.php name/summary/review/quality/price/value sql injection
A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This impacts an unknown function of the
CVE-2025-58407 | Imagination Graphics DDK up to 25.1 RTM1/25.2 RTM1 toctou
A vulnerability, which was classified as critical, has been found in Imagination Graphics DDK up to 25.1 RTM1/25.2 RTM1. Affected
CVE-2025-64342 | Espressif ESP-IDF up to 5.1.6/5.2.5/5.3.4/5.4.2/5.5.1 unusual condition (GHSA-8mg7-9qpg-p92v)
A vulnerability, which was classified as problematic, was found in Espressif ESP-IDF up to 5.1.6/5.2.5/5.3.4/5.4.2/5.5.1. Affected by this vulnerability is
CVE-2025-64756 | isaacs node-glob up to 11.0.x -c/–cmd os command injection (GHSA-5j98-mcp5-4vw2)
A vulnerability has been found in isaacs node-glob up to 11.0.x and classified as critical. Affected by this issue is
CVE-2025-64758 | DependencyTrack Frontend up to 4.13.5 cross site scripting (GHSA-7xvh-c266-cfr5)
A vulnerability was found in DependencyTrack Frontend up to 4.13.5 and classified as problematic. This affects an unknown part. Executing
CVE-2025-34323 | Nagios Log Server up to 2024R2.0.3 permission assignment
A vulnerability was found in Nagios Log Server. It has been classified as critical. This vulnerability affects unknown code. The
CVE-2025-36299 | IBM Planning Analytics Local up to 2.1.14 sensitive information in source
A vulnerability was found in IBM Planning Analytics Local up to 2.1.14. It has been declared as problematic. This issue
CVE-2024-44655 | PHPGurukul Complaint Management System 2.0 user-search.php Search cross site scripting
A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been rated as problematic. Impacted is an unknown
CVE-2024-46335 | PHPGurukul Complaint Management System 2.0 between-date-userreport.php fromdate/todate cross site scripting
A vulnerability categorized as problematic has been discovered in PHPGurukul Complaint Management System 2.0. The affected element is an unknown
CVE-2024-44661 | PHPGurukul Online Shopping Portal 2.0 my-cart.php quantity cross site scripting
A vulnerability identified as problematic has been detected in PHPGurukul Online Shopping Portal 2.0. The impacted element is an unknown
CVE-2025-55058 | Rumpus FTP Server 9.0.12 denial of service
A vulnerability labeled as problematic has been found in Rumpus FTP Server 9.0.12. This affects an unknown function. Executing manipulation
CVE-2025-55055 | Rumpus FTP Server 9.0.12 os command injection
A vulnerability marked as critical has been reported in Rumpus FTP Server 9.0.12. This impacts an unknown function. The manipulation
CVE-2025-55059 | Rumpus FTP Server 9.0.12 cross site scripting
A vulnerability described as problematic has been identified in Rumpus FTP Server 9.0.12. Affected is an unknown function. The manipulation
CVE-2025-55056 | Rumpus FTP Server 9.0.12 cross site scripting
A vulnerability classified as problematic has been found in Rumpus FTP Server 9.0.12. Affected by this vulnerability is an unknown
CVE-2025-55057 | Rumpus FTP Server 9.0.12 cross-site request forgery
A vulnerability classified as problematic was found in Rumpus FTP Server 9.0.12. Affected by this issue is some unknown functionality.
CVE-2025-12528 | Pie Forms for WP Plugin up to 1.6 on WordPress format_classic unrestricted upload
A vulnerability, which was classified as critical, has been found in Pie Forms for WP Plugin up to 1.6 on
CVE-2025-13088 | Category and Product Woocommerce Tabs Plugin up to 1.0 on WordPress categoryProductTab template file inclusion
A vulnerability, which was classified as critical, was found in Category and Product Woocommerce Tabs Plugin up to 1.0 on
CVE-2025-12639 | wModes Plugin up to 1.2.2 on WordPress AJAX Endpoint authorization
A vulnerability has been found in wModes Plugin up to 1.2.2 on WordPress and classified as problematic. This issue affects
CVE-2025-12411 | Premmerce Wholesale Pricing for WooCommerce Plugin admin-post.php sql injection
A vulnerability was found in Premmerce Wholesale Pricing for WooCommerce Plugin up to 1.1.10 on WordPress and classified as critical.
CVE-2025-12372 | Permalinks Cascade Plugin up to 2.2 on WordPress Setting handleTPCAdminAjaxRequest authorization
A vulnerability was found in Permalinks Cascade Plugin up to 2.2 on WordPress. It has been classified as problematic. The
CVE-2025-12392 | Cryptocurrency Payment Gateway for WooCommerce Plugin Status Update handle_optin_optout authorization
A vulnerability was found in Cryptocurrency Payment Gateway for WooCommerce Plugin up to 2.0.22 on WordPress. It has been declared
CVE-2025-12775 | WP Dropzone Plugin up to 1.1.0 on WordPress ajax_upload_handle unrestricted upload
A vulnerability was found in WP Dropzone Plugin up to 1.1.0 on WordPress. It has been rated as critical. This
CVE-2025-12524 | Post Type Switcher Plugin up to 4.0.0 on WordPress resource injection
A vulnerability categorized as problematic has been discovered in Post Type Switcher Plugin up to 4.0.0 on WordPress. This impacts
CVE-2025-11620 | Multiple Roles per User Plugin up to 1.0 on WordPress mrpu_add_multiple_roles_ui authorization
A vulnerability identified as critical has been detected in Multiple Roles per User Plugin up to 1.0 on WordPress. Affected
CVE-2025-12937 | ACF Flexible Layouts Manager Plugin up to 1.1.6 on WordPress acf_flm_update_template_with_pasted_layout authorization
A vulnerability labeled as problematic has been found in ACF Flexible Layouts Manager Plugin up to 1.1.6 on WordPress. Affected
CVE-2025-12961 | Download Panel Plugin up to 1.3.3 on WordPress Setting dlpn_save_settings authorization
A vulnerability marked as critical has been reported in Download Panel Plugin up to 1.3.3 on WordPress. Affected by this
CVE-2025-9625 | Coil Web Monetization Plugin up to 2.0.2 on WordPress maybe_restrict_content cross-site request forgery
A vulnerability described as problematic has been identified in Coil Web Monetization Plugin up to 2.0.2 on WordPress. This affects
CVE-2025-11265 | VK All in One Expansion Unit Plugin up to 9.112.1 on WordPress vkExUnit_cta_url custom_field_name cross site scripting
A vulnerability classified as problematic has been found in VK All in One Expansion Unit Plugin up to 9.112.1 on
CVE-2025-4212 | WP Wham Checkout Files Upload for WooCommerce Plugin up to 2.2.1 on WordPress cross site scripting
A vulnerability classified as problematic was found in WP Wham Checkout Files Upload for WooCommerce Plugin up to 2.2.1 on
CVE-2025-8609 | Rometheme RTMKit Addons for Elementor Plugin up to 1.6.1/1.6.5 on WordPress Block Attribute cross site scripting
A vulnerability, which was classified as problematic, has been found in Rometheme RTMKit Addons for Elementor Plugin up to 1.6.1/1.6.5
CVE-2025-13133 | Simple User Import Export Plugin up to 1.1.7 on WordPress Import/Export csv injection
A vulnerability, which was classified as critical, was found in Simple User Import Export Plugin up to 1.1.7 on WordPress.
CVE-2025-11267 | VK All in One Expansion Unit Plugin up to 9.112.1 on WordPress _veu_custom_css cross site scripting
A vulnerability has been found in VK All in One Expansion Unit Plugin up to 9.112.1 on WordPress and classified
CVE-2025-11734 | AIOSEO Broken Link Checker Plugin up to 1.2.5 on WordPress REST API Endpoint aioseo_blc_broken_links_page authorization
A vulnerability was found in AIOSEO Broken Link Checker Plugin up to 1.2.5 on WordPress and classified as problematic. This
CVE-2025-12827 | Top Friends Plugin up to 0.3 on WordPress Setting top_friends_options_subpanel cross-site request forgery
A vulnerability was found in Top Friends Plugin up to 0.3 on WordPress. It has been classified as problematic. This
CVE-2025-8605 | Gutenify Plugin up to 1.5.9 on WordPress Block Attribute cross site scripting
A vulnerability was found in Gutenify Plugin up to 1.5.9 on WordPress. It has been declared as problematic. Affected is
CVE-2025-12391 | Restrictions for BuddyPress Plugin up to 1.5.2 on WordPress Status Update handle_optin_optout authorization
A vulnerability was found in Restrictions for BuddyPress Plugin up to 1.5.2 on WordPress. It has been rated as problematic.
CVE-2025-12823 | CSV to SortTable Plugin up to 4.2 on WordPress Shortcode csv cross site scripting
A vulnerability categorized as problematic has been discovered in CSV to SortTable Plugin up to 4.2 on WordPress. Affected by
CVE-2025-12078 | ArtiBot Free Chat Bot for WebSites Plugin up to 1.1.7 on WordPress cross site scripting
A vulnerability identified as problematic has been detected in ArtiBot Free Chat Bot for WebSites Plugin up to 1.1.7 on