CVE-2024-32603
Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy. This issue affects WooBuddy: from n/a through 3.4.20.
Patchstack
PHP Object Injection in WordPress WooBuddy Plugin
CVE-2024-27782
Multiple insufficient session expiration weaknesses [CWE-613] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.
PSIRT | FortiGuard Labs
CVE-2024-27783
Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.
PSIRT | FortiGuard Labs
CVE-2024-27784
Multiple Exposure of sensitive information to an unauthorized actor weaknesses [CWE-200] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files.
PSIRT | FortiGuard Labs
CVE-2024-27785
An improper neutralization of formula elements in a CSV File [CWE-1236] vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.
PSIRT | FortiGuard Labs
CVE-2024-47356
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Create allows Stored XSS. This issue affects Create: from n/a through 2.9.1.
Patchstack
Cross Site Scripting (XSS) in WordPress Create Theme
CVE-2024-37413
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Preschool and Kindergarten allows Cross Site Request Forgery. This issue affects Preschool and Kindergarten: from n/a through 1.2.1.
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Preschool and Kindergarten Theme
CVE-2024-37421
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme JobScout allows Cross Site Request Forgery. This issue affects JobScout: from n/a through 1.1.4.
Patchstack
Cross Site Request Forgery (CSRF) in WordPress JobScout Theme
CVE-2024-37426
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Elegant Pink allows Cross Site Request Forgery. This issue affects Elegant Pink: from n/a through 1.3.0.
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Elegant Pink Theme
CVE-2025-30881
Missing Authorization vulnerability in ThemeHunk Big Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Big Store: from n/a through 2.0.8.
Patchstack
Broken Access Control in WordPress Big Store Theme
CVE-2025-22644
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce allows Stored XSS. This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through 1.2.1.
Patchstack
Cross Site Scripting (XSS) in WordPress Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce Plugin
CVE-2025-30990
Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1.
Patchstack
Broken Access Control in WordPress ThemeHunk Plugin
CVE-2025-38695
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
If a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the
resultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may
occur before sli4_hba.hdwqs are allocated. This may result in a null
pointer dereference when attempting to take the abts_io_buf_list_lock for
the first hardware queue. Fix by adding a null ptr check on
phba->sli4_hba.hdwq and early return because this situation means there
must have been an error during port initialization.
CVE-2025-38696
In the Linux kernel, the following vulnerability has been resolved:
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Not all tasks have an ABI associated or vDSO mapped,
for example kthreads never do.
If such a task ever ends up calling stack_top(), it will dereference the
NULL ABI pointer and crash.
This can for example happen when using kunit:
mips_stack_top+0x28/0xc0
arch_pick_mmap_layout+0x190/0x220
kunit_vm_mmap_init+0xf8/0x138
__kunit_add_resource+0x40/0xa8
kunit_vm_mmap+0x88/0xd8
usercopy_test_init+0xb8/0x240
kunit_try_run_case+0x5c/0x1a8
kunit_generic_run_threadfn_adapter+0x28/0x50
kthread+0x118/0x240
ret_from_kernel_thread+0x14/0x1c
Only dereference the ABI pointer if it is set.
The GIC page is also included as it is specific to the vDSO.
Also move the randomization adjustment into the same conditional.
CVE-2025-38700
In the Linux kernel, the following vulnerability has been resolved:
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
In case of an ib_fast_reg_mr allocation failure during iSER setup, the
machine hits a panic because iscsi_conn->dd_data is initialized
unconditionally, even when no memory is allocated (dd_size == 0). This
leads to an invalid pointer dereference during connection teardown.
Fix by setting iscsi_conn->dd_data only if memory is actually allocated.
Panic trace:
------------
iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12
iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers
BUG: unable to handle page fault for address: fffffffffffffff8
RIP: 0010:swake_up_locked.part.5+0xa/0x40
Call Trace:
complete+0x31/0x40
iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]
iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]
iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]
iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]
? netlink_lookup+0x12f/0x1b0
? netlink_deliver_tap+0x2c/0x200
netlink_unicast+0x1ab/0x280
netlink_sendmsg+0x257/0x4f0
? _copy_from_user+0x29/0x60
sock_sendmsg+0x5f/0x70
CVE-2025-67133
An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component.
CVE-2025-67278
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request.
CVE-2025-67279
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges because the application stores password hashes in MD5 format.
CVE-2025-67280
In TIM BPM Suite / TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user.
CVE-2025-67281
In TIM BPM Suite / TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exist which allow a low privileged and administrative user to access the database and its content.
CVE-2025-56232
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files.