π¨ CVE-2025-11454
The Specific Content For Mobile β Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eos_scfm_duplicate_post_as_draft() function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with COntributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
π@cveNotify
The Specific Content For Mobile β Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eos_scfm_duplicate_post_as_draft() function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with COntributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
π@cveNotify
π¨ CVE-2025-11994
The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
π¨ CVE-2025-40112
In the Linux kernel, the following vulnerability has been resolved:
sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara
The referenced commit introduced exception handlers on user-space memory
references in copy_from_user and copy_to_user. These handlers return from
the respective function and calculate the remaining bytes left to copy
using the current register contents. This commit fixes a couple of bad
calculations and a broken epilogue in the exception handlers. This will
prevent crashes and ensure correct return values of copy_from_user and
copy_to_user in the faulting case. The behaviour of memcpy stays unchanged.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara
The referenced commit introduced exception handlers on user-space memory
references in copy_from_user and copy_to_user. These handlers return from
the respective function and calculate the remaining bytes left to copy
using the current register contents. This commit fixes a couple of bad
calculations and a broken epilogue in the exception handlers. This will
prevent crashes and ensure correct return values of copy_from_user and
copy_to_user in the faulting case. The behaviour of memcpy stays unchanged.
π@cveNotify
π¨ CVE-2025-40113
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E
The ADSP firmware on X1E has separate firmware binaries for the main
firmware and the DTB. The same applies for the "lite" firmware loaded by
the boot firmware.
When preparing to load the new ADSP firmware we shutdown the lite_pas_id
for the main firmware, but we don't shutdown the corresponding lite pas_id
for the DTB. The fact that we're leaving it "running" forever becomes
obvious if you try to reuse (or just access) the memory region used by the
"lite" firmware: The &adsp_boot_mem is accessible, but accessing the
&adsp_boot_dtb_mem results in a crash.
We don't support reusing the memory regions currently, but nevertheless we
should not keep part of the lite firmware running. Fix this by adding the
lite_dtb_pas_id and shutting it down as well.
We don't have a way to detect if the lite firmware is actually running yet,
so ignore the return status of qcom_scm_pas_shutdown() for now. This was
already the case before, the assignment to "ret" is not used anywhere.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E
The ADSP firmware on X1E has separate firmware binaries for the main
firmware and the DTB. The same applies for the "lite" firmware loaded by
the boot firmware.
When preparing to load the new ADSP firmware we shutdown the lite_pas_id
for the main firmware, but we don't shutdown the corresponding lite pas_id
for the DTB. The fact that we're leaving it "running" forever becomes
obvious if you try to reuse (or just access) the memory region used by the
"lite" firmware: The &adsp_boot_mem is accessible, but accessing the
&adsp_boot_dtb_mem results in a crash.
We don't support reusing the memory regions currently, but nevertheless we
should not keep part of the lite firmware running. Fix this by adding the
lite_dtb_pas_id and shutting it down as well.
We don't have a way to detect if the lite firmware is actually running yet,
so ignore the return status of qcom_scm_pas_shutdown() for now. This was
already the case before, the assignment to "ret" is not used anywhere.
π@cveNotify
π¨ CVE-2025-46817
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
π@cveNotify
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
π@cveNotify
GitHub
Lua script may lead to integer overflow and potential RCE (CVE-2025-4β¦ Β· redis/redis@fc9abc7
β¦6817)
π¨ CVE-2025-46818
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
π@cveNotify
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
π@cveNotify
GitHub
Lua script can be executed in the context of another user (CVE-2025-4β¦ Β· redis/redis@45eac02
β¦6818)
π¨ CVE-2025-46819
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
π@cveNotify
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
π@cveNotify
GitHub
LUA out-of-bound read (CVE-2025-46819) Β· redis/redis@3a1624d
For developers, who are building real-time data-driven applications, Redis is the preferred, fastest, and most feature-rich cache, data structure server, and document and vector query engine. - LUA out-of-bound read (CVE-2025-46819) Β· redis/redis@3a1624d
π¨ CVE-2025-49844
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
π@cveNotify
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
π@cveNotify
GitHub
Lua script may lead to remote code execution (CVE-2025-49844) Β· redis/redis@d5728cb
For developers, who are building real-time data-driven applications, Redis is the preferred, fastest, and most feature-rich cache, data structure server, and document and vector query engine. - Lua script may lead to remote code execution (CVE-2025-49844)β¦
π¨ CVE-2025-12998
Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5.
π@cveNotify
Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5.
π@cveNotify
typo3.org
Broken Authentication in extension "Modules" (modules)
It has been discovered that the extension "Modules" (modules) is susceptible to Broken Authentication.
π¨ CVE-2025-12612
A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_course. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_course. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
GitHub
Campcodes School Fees Payment Management System V1.0 /School_Fees_Payment_Management_System/ajax.php?action=delete_course SQLβ¦
NAME OF AFFECTED PRODUCT(S) School Fees Payment Management System Vendor Homepage https://www.campcodes.com/projects/php/school-fees-payment-management-system-in-php-mysql-free-download/ AFFECTED A...
π¨ CVE-2025-62876
A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4.
π@cveNotify
A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4.
π@cveNotify
π¨ CVE-2025-61945
Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions.
π@cveNotify
Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions.
π@cveNotify
GitHub
CSAF/csaf_files/OT/white/2025/icsa-25-308-04.json at develop Β· cisagov/CSAF
CISA CSAF Security Advisories. Contribute to cisagov/CSAF development by creating an account on GitHub.
π¨ CVE-2025-54863
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.
π@cveNotify
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.
π@cveNotify
GitHub
CSAF/csaf_files/OT/white/2025/icsa-25-308-04.json at develop Β· cisagov/CSAF
CISA CSAF Security Advisories. Contribute to cisagov/CSAF development by creating an account on GitHub.
π¨ CVE-2025-11565
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST/REST/UpdateJRE request payload.
π@cveNotify
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST/REST/UpdateJRE request payload.
π@cveNotify
π¨ CVE-2025-11566
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on the /REST/shutdownnow endpoint.
π@cveNotify
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on the /REST/shutdownnow endpoint.
π@cveNotify
π¨ CVE-2025-11567
CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured.
π@cveNotify
CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured.
π@cveNotify
π¨ CVE-2021-20023
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
π@cveNotify
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
π@cveNotify
π¨ CVE-2025-24085
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
π@cveNotify
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
π@cveNotify
Apple Support
About the security content of iOS 18.3 and iPadOS 18.3 - Apple Support
This document describes the security content of iOS 18.3 and iPadOS 18.3.
π¨ CVE-2025-23412
When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP APM access profile vulnerability CVE-2025-23412
Security Advisory Description When a BIG-IP APM access profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2025-23412) Impact Traffic is disrupted while the TMM process restarts.β¦
π¨ CVE-2025-23413
When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP Next Central Manager logging vulnerability CVE-2025-23413
Security Advisory Description When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. (CVE-2025-23413) Impact An authenticated attacker granted the Administratorβ¦
π¨ CVE-2025-23415
An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN client for Windows, macOS and Linux.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN client for Windows, macOS and Linux.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP APM endpoint inspection vulnerability CVE-2025-23415
Security Advisory Description A missing integrity check vulnerability exists in BIG-IP APM access policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connections initiated through the BIG-IP APM browser networkβ¦