🚨 CVE-2025-68524
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Avante Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-69128
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal.
This issue affects JobCareer: from n/a through 7.3.
@cveNotify
Patchstack
Arbitrary File Deletion in WordPress JobCareer Theme
🚨 CVE-2025-69140
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress SweetDate Core Plugin
🚨 CVE-2025-69144
Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
@cveNotify
Patchstack
Local File Inclusion in WordPress Preservation Theme
🚨 CVE-2025-69170
Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.
@cveNotify
Patchstack
Local File Inclusion in WordPress Eventicity Theme
🚨 CVE-2025-69175
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
@cveNotify
Patchstack
Local File Inclusion in WordPress Line Agency Theme
🚨 CVE-2026-10641
Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cind_handle(), which assigns a per-entry counter index and calls cind_handle_values() for each list element. cind_handle_values() then wrote hf->ind_table[index] = i without verifying that index is within the 20-element int8_t ind_table[] array of struct bt_hfp_hf. Because the parser places no cap on the number of +CIND: list entries, a remote Attendant Gateway (a malicious, compromised, or spoofed peer the device connects to over Bluetooth) can send a response with more than 20 recognized indicator entries and drive index arbitrarily large, writing a small attacker-positioned value past the array into adjacent struct fields (feature masks, SDP/version state, the calls[] array, work/atomic bookkeeping) and potentially beyond the static connection pool slot. This yields memory corruption and at least denial of service of the Bluetooth host, triggered by a single malformed AT response with no user interaction. The sibling consumer ag_indicator_handle_values() already performed the equivalent bounds check; this commit adds the same index >= ARRAY_SIZE(hf->ind_table) guard to close the gap. Affects builds with CONFIG_BT_HFP_HF enabled; introduced with the original HFP HF CIND parser (~v1.7) and present through v4.4.0.
@cveNotify
GitHub
bluetooth: classic: hfp_hf: Fix out-of-bounds access in indicator index · zephyrproject-rtos/zephyr@cf7693a
Add validation to ensure the indicator index is within the valid range
of the ind_table array before accessing it in cind_handle_values().
Without this check, an out-of-bounds index could lead to ...
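The guard described in the Zephyr entry above, as an added example that is not Zephyr's own code: a constructed, stripped-down model of the HF-side +CIND: handling (struct hf_ctx, the ind_names list, the feature_mask sentinel and the 24-entry cap in the harness are all assumptions) with the index check placed in cind_handle_values() before the write, plus a helper that feeds a constructed response with more than 20 entries to show the parser stops short of the field that sits just past ind_table[].

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct hf_ctx {                   /* constructed stand-in for struct bt_hfp_hf */
    int8_t ind_table[20];         /* one slot per +CIND: entry, -1 = unset */
    uint32_t feature_mask;        /* the neighbouring field an overrun would hit */
};
/* Indicator names the HF recognises (assumed subset); the stored value is the match position. */
static const char *const ind_names[] = { "service", "call", "callsetup", "battchg" };

/* Hardened cind_handle_values(): the index guard the fix adds runs before any write. */
int cind_handle_values(struct hf_ctx *hf, uint32_t index, const char *name, size_t len)
{
    if (index >= ARRAY_SIZE(hf->ind_table))
        return -EINVAL;           /* would write past ind_table[] */
    for (size_t i = 0; i < ARRAY_SIZE(ind_names); i++)
        if (strlen(ind_names[i]) == len && memcmp(name, ind_names[i], len) == 0) {
            hf->ind_table[index] = (int8_t)i;
            return 0;
        }
    return -ENOENT;               /* unrecognised name: slot stays -1 */
}
/* Walk +CIND: ("service",(0,1)),("call",(0,1)),... with a running index; returns
 * the number of entries consumed, or -EINVAL once an entry would overrun the table. */
int cind_handle(struct hf_ctx *hf, const char *resp)
{
    uint32_t index = 0;
    for (const char *p = strstr(resp, "(\""); p; p = strstr(p, "(\""), index++) {
        const char *end = strchr(p + 2, '"');
        if (end == NULL)
            return -EINVAL;       /* unterminated name */
        if (cind_handle_values(hf, index, p + 2, (size_t)(end - p - 2)) == -EINVAL)
            return -EINVAL;
        p = end + 1;
    }
    return (int)index;
}
/* Harness: feed n constructed "call" entries to a fresh context; returns the parser
 * result, or -EFAULT if feature_mask (the field just past ind_table[]) was touched. */
int cind_with_n_entries(unsigned n)
{
    struct hf_ctx hf = { .feature_mask = 0xA5A5A5A5u };
    char resp[512] = "+CIND: ";
    memset(hf.ind_table, -1, sizeof(hf.ind_table));
    for (unsigned i = 0; i < n && i < 24; i++)      /* 24 keeps resp[] in bounds */
        strcat(resp, i ? ",(\"call\",(0,1))" : "(\"call\",(0,1))");
    int rc = cind_handle(&hf, resp);
    return hf.feature_mask == 0xA5A5A5A5u ? rc : -EFAULT;
}
```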
🚨 CVE-2026-39442
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
@cveNotify
Patchstack
PHP Object Injection in WordPress PressMart Theme
🚨 CVE-2026-39523
Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
@cveNotify
Patchstack
Local File Inclusion in WordPress Solene Core Plugin
🚨 CVE-2026-39576
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
@cveNotify
Patchstack
PHP Object Injection in WordPress SingleMalt Theme
🚨 CVE-2026-40720
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Royal Elementor Addons Pro Plugin