In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, and 8.4.* a medium severity vulnerability CVE-2025-1735 was detected. This vulnerability is caused by improper error handling in the pgsql and pdo_pgsql escaping functions, which fail to check for errors returned by the underlying quoting mechanisms, potentially leading to crashes if the PostgreSQL server rejects an invalid string. To address this issue, users should upgrade PHP to versions 8.1.33, 8.2.29, 8.3.23 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1735.
Read more Web DevelopmentIn the Premium Age Verification / Restriction for WordPress plugin, all versions up to and including 3.0.2 a critical severity vulnerability CVE-2025-7401 was detected. This vulnerability allows unauthenticated attackers to read from or write to arbitrary files on the server due to insufficiently protected remote support functionality in remote_tunnel.php. This may lead to exposure of sensitive information or remote code execution. Currently the is no fix for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7401.
Read more CMSIn Keycloak in versions prior to 26.3.0 a high severity vulnerability CVE-2025-7365 was detected. This vulnerability allows an authenticated attacker to exploit the account merging process during an identity provider login. By modifying their email to match that of a victim, the attacker triggers a verification email sent to the victim without revealing their own address. To address this issue users must upgrade to version 26.3.0. For more details, visit https://www.cvedetails.com/cve/CVE-2025-7365/.
Read more SecurityIn the Broken Link Notifier plugin for WordPress, all versions up to and including 1.3.0 a high severity vulnerability CVE-2025-6851 was detected. This vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery via the ajax_blinks() function, which ultimately calls the check_url_status_code() function. Currently, there is no fix for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6851.
Read more CMSIn the Broken Link Notifier plugin for WordPress, all versions up to and including 1.3.0 a high severity vulnerability CVE-2025-6838 was detected. This vulnerability allows attackers to inject malicious input into exported CSV files via broken links. To fix this issue, users should upgrade the plugin to version 1.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6838.
Read more CMSIn the WPBookit plugin for WordPress, all versions up to and including 1.0.4 a critical severity vulnerability CVE-2025-6058 was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site’s server, potentially leading to remote code execution. To fix this issue, users should upgrade the plugin to version 1.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6058.
Read more CMSIn Ansible versions up to 4.50.3 a medium severity vulnerability CVE-2025-53862 was detected. This vulnerability allows attackers to access three API endpoints that return verbose responses, potentially exposing sensitive information. To fix this issue, users should upgrade Ansible to version 4.52.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53862.
Read more IT Business ManagementIn Ansible version 2.x a low severity vulnerability CVE‑2025‑53861 was detected. This vulnerability allows attackers to intercept session data or hijack user sessions by exploiting insecure cookies transmitted over unencrypted connections. To fix this issue, users should upgrade Ansible to version 4.52.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53861.
Read more IT Business ManagementIn Apache HTTP Server versions up to 2.4.63 a medium severity vulnerability CVE-2025-49812 was detected. This vulnerability allows attackers to hijack active HTTP sessions by exploiting a misconfigured TLS upgrade path, potentially gaining unauthorized access to user data or actions. To fix this issue, users should upgrade Apache HTTP Server to version 2.4.64. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49812.
Read more Application Development