CVE ID : CVE-2025-9277

Published : Aug. 26, 2025, 11:15 p.m.

Description : The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-35114

Published : Aug. 26, 2025, 11:15 p.m.

Description : Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

Severity: 8.7 | HIGH

CVE ID : CVE-2025-57820

Published : Aug. 26, 2025, 11:15 p.m.

Description : Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property, and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype pollution. This issue has been fixed in version 5.3.2.

Severity: 7.9 | HIGH

CVE ID : CVE-2025-35112

Published : Aug. 26, 2025, 11:15 p.m.

Description : Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows ‘import/export’, allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31.

Severity: 4.1 | MEDIUM

CVE ID : CVE-2025-35113

Published : Aug. 26, 2025, 11:15 p.m.

Description : Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31.

Severity: 5.9 | MEDIUM

CVE ID : CVE-2025-8490

Published : Aug. 27, 2025, 12:15 a.m.

Description : The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Severity: 4.4 | MEDIUM

PopuraDNS is a simple DNS server with decentralized domain names support.

Using static analysis, Staticcheck finds bugs and performance issues, offers simplifications, and enforces style rules.