Our news and updates

In the Premium Age Verification / Restriction for WordPress plugin, all versions up to and including 3.0.2 a critical severity vulnerability CVE-2025-7401 was detected. This vulnerability allows unauthenticated attackers to read from or write to arbitrary files on the server due to insufficiently protected remote support functionality in remote_tunnel.php. This may lead to exposure of sensitive information or remote code execution. Currently the is no fix for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7401.

In Keycloak in versions prior to 26.3.0 a high severity vulnerability CVE-2025-7365 was detected. This vulnerability allows an authenticated attacker to exploit the account merging process during an identity provider login. By modifying their email to match that of a victim, the attacker triggers a verification email sent to the victim without revealing their own address. To address this issue users must upgrade to version 26.3.0. For more details, visit https://www.cvedetails.com/cve/CVE-2025-7365/.

In the Broken Link Notifier plugin for WordPress, all versions up to and including 1.3.0 a high severity vulnerability CVE-2025-6851 was detected. This vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery via the ajax_blinks() function, which ultimately calls the check_url_status_code() function. Currently, there is no fix for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6851.

In Ansible versions up to 4.50.3 a medium severity vulnerability CVE-2025-53862 was detected. This vulnerability allows attackers to access three API endpoints that return verbose responses, potentially exposing sensitive information. To fix this issue, users should upgrade Ansible to version 4.52.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53862.

In Ansible version 2.x a low severity vulnerability CVE‑2025‑53861 was detected. This vulnerability allows attackers to intercept session data or hijack user sessions by exploiting insecure cookies transmitted over unencrypted connections. To fix this issue, users should upgrade Ansible to version 4.52.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53861.

In Apache HTTP Server versions up to 2.4.63 a medium severity vulnerability CVE-2025-49812 was detected. This vulnerability allows attackers to hijack active HTTP sessions by exploiting a misconfigured TLS upgrade path, potentially gaining unauthorized access to user data or actions. To fix this issue, users should upgrade Apache HTTP Server to version 2.4.64. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49812.

In Apache HTTP Server versions from 2.4.26 up to 2.4.63 a medium severity vulnerability CVE-2025-49630 was detected. This vulnerability allows attackers to cause a denial of service by triggering an assertion failure in the mod_proxy_http2 module. To fix this issue, users should upgrade Apache HTTP Server to version 2.4.64. For more information, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49630.

In Apache HTTP Server versions from 2.4.35 up to 2.4.63 a medium severity vulnerability CVE-2025-23048 was detected. This vulnerability allows attackers to bypass access control by exploiting TLS session resumption in certain mod_ssl configurations. To fix this issue, users should upgrade Apache HTTP Server to version 2.4.64. For more information, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23048.

In Flask version 3.1.0 a medium severity vulnerability CVE-2025-47278 was detected. This vulnerability allows attackers to potentially take advantage of old session keys still being used, which weakens protection for user sessions in some setups. To fix this issue, users should upgrade Flask to version 3.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47278.