• Cybersecurity Vulnerabilities

    CVE-2025-6966: Python-APT NULL Pointer Dereference – Crash Risk on APT-Based Systems

    Overview: CVE-2025-6966 describes a NULL pointer dereference vulnerability found in the TagSection.keys() function of the python-apt package. This vulnerability affects APT-based Linux systems. A local attacker can exploit this flaw to cause a denial of service (DoS) by providing a specially crafted deb822 file containing a malformed, non-UTF-8 key. This leads to a process crash.

    Technical Details: The vulnerability stems from improper handling of non-UTF-8 characters within the keys of a deb822 formatted file. Specifically, when python-apt attempts to process a deb822 file with a key containing characters outside the UTF-8 encoding, the TagSection.keys() function encounters a situation where it…

  • Cybersecurity Vulnerabilities

    DUC Under Pressure: Analyzing CVE-2025-13654 Stack Buffer Overflow

    Overview: CVE-2025-13654 describes a stack buffer overflow vulnerability found in DUC, a disk management tool. Specifically, the vulnerability resides within the buffer_get function. An underflow condition can lead to an out-of-bounds read, ultimately triggering the stack buffer overflow. This can potentially allow an attacker to execute arbitrary code or cause a denial-of-service (DoS).

    Technical Details: The vulnerability in DUC arises due to an integer underflow within the buffer_get function. This underflow causes a condition to evaluate to true unexpectedly, leading to an out-of-bounds read. Because this read writes to a stack buffer, it allows writing beyond the buffer’s boundaries, corrupting…

  • Cybersecurity Vulnerabilities

    CVE-2025-66200: Critical mod_userdir+suexec Bypass in Apache HTTP Server

    Overview: CVE-2025-66200 identifies a security vulnerability in the Apache HTTP Server that could allow for a bypass of the mod_userdir and suexec modules. Specifically, this issue is related to the improper handling of AllowOverride FileInfo configurations. The vulnerability affects Apache HTTP Server versions 2.4.7 through 2.4.65.

    Technical Details: The vulnerability resides in how Apache HTTP Server handles the AllowOverride FileInfo directive in conjunction with mod_userdir and suexec. Users with the ability to utilize the RequestHeader directive within .htaccess files can potentially manipulate the execution context of CGI scripts. By leveraging this flaw, an attacker can cause these CGI scripts to…

  • Cybersecurity Vulnerabilities

    Urgent: Apache HTTP Server Vulnerable to CGI Parameter Injection (CVE-2025-65082)

    Published: 2025-12-05

    Overview: CVE-2025-65082 describes an Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server. This flaw allows attackers to potentially inject parameters into CGI programs by manipulating environment variables defined within the Apache configuration. These configuration-defined variables unexpectedly supersede variables the server calculates and provides to CGI programs. This vulnerability affects Apache HTTP Server versions 2.4.0 through 2.4.65. It is highly recommended to upgrade to version 2.4.66 or later to mitigate this risk.

    Technical Details: The vulnerability stems from the way Apache HTTP Server handles environment variables when executing CGI scripts. When the server is…

  • Cybersecurity Vulnerabilities

    Urgent: SSRF Vulnerability in Apache HTTP Server on Windows Could Leak NTLM Hashes (CVE-2025-59775)

    Overview: A critical Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2025-59775, has been discovered in Apache HTTP Server running on Windows operating systems. This vulnerability exists under specific configurations, namely when AllowEncodedSlashes is set to On and MergeSlashes is set to Off. Exploitation of this vulnerability could allow a malicious actor to potentially leak NTLM hashes to a server controlled by the attacker via crafted requests or malicious content.

    Technical Details: The vulnerability arises due to improper handling of encoded slashes when the aforementioned configuration settings are enabled. When AllowEncodedSlashes On is configured, the server permits encoded slashes (e.g., %2f…

  • Cybersecurity Vulnerabilities

    CVE-2025-55753: Apache HTTP Server ACME Renewal Vulnerability – Urgent Upgrade Required!

    Overview: A critical security vulnerability, identified as CVE-2025-55753, has been discovered in the Apache HTTP Server. This integer overflow issue affects versions 2.4.30 through 2.4.65. The vulnerability occurs during ACME certificate renewal, potentially leading to denial-of-service-like behavior due to excessive renewal attempts. It is highly recommended that all users upgrade to version 2.4.66 as soon as possible.

    Technical Details: The vulnerability stems from an integer overflow in the backoff timer mechanism used during ACME certificate renewal. When an ACME certificate renewal fails, Apache HTTP Server employs a backoff timer to prevent repeated attempts from overwhelming the ACME server. However, after…

  • Cybersecurity Vulnerabilities

    CVE-2025-13620: Critical Vulnerability in WP Social Login Plugin Allows Unauthenticated Cache Manipulation

    Overview: CVE-2025-13620 identifies a security vulnerability in the “WP Social Login and Register Social Counter” plugin for WordPress, versions up to and including 3.1.3. This vulnerability allows unauthenticated attackers to manipulate the plugin’s cache due to missing authorization checks on specific REST API endpoints. Exploiting this vulnerability could lead to various malicious activities, including potentially displaying incorrect social counter values or disrupting plugin functionality.

    Technical Details: The core of the issue lies in the plugin’s REST API. The routes wslu/v1/check_cache/{type}, wslu/v1/save_cache/{type}, and wslu/v1/settings/clear_counter_cache are registered with permission_callback set to __return_true. This effectively bypasses authentication and authorization checks, making them accessible…

  • Cybersecurity Vulnerabilities

    CryptX Plugin: Protect Your WordPress Site from Stored XSS (CVE-2025-13739)

    Overview: CVE-2025-13739 identifies a stored Cross-Site Scripting (XSS) vulnerability found in the CryptX plugin for WordPress. Versions of the plugin up to and including 4.0.4 are affected. This vulnerability allows authenticated attackers with contributor-level access or higher to inject malicious JavaScript code into pages via the plugin’s cryptx shortcode. When a user views a page containing the injected script, the script will execute, potentially allowing the attacker to steal sensitive information, redirect users to malicious websites, or perform actions on behalf of the user.

    Technical Details: The vulnerability arises due to insufficient input sanitization and output escaping within the cryptx…

  • Cybersecurity Vulnerabilities

    Trail Manager WordPress Plugin: Stored XSS Vulnerability (CVE-2025-13682)

    Overview: This article discusses a security vulnerability, identified as CVE-2025-13682, affecting the Trail Manager plugin for WordPress. This vulnerability is a Stored Cross-Site Scripting (XSS) flaw found in versions up to and including 1.0.0. Exploitation requires administrator-level or higher permissions and either a multi-site installation or a configuration where unfiltered_html is disabled.

    Technical Details: The Trail Manager plugin fails to properly sanitize user-supplied input in its admin settings. This lack of sanitization, combined with insufficient output escaping, allows an authenticated attacker with administrator privileges to inject arbitrary web scripts into the plugin’s settings. These injected scripts are then stored in…

  • Cybersecurity Vulnerabilities

    Thai Lottery Widget Plugin: Stored XSS Vulnerability Puts WordPress Sites at Risk (CVE-2025-13678)

    Overview: A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Thai Lottery Widget plugin for WordPress, tracked as CVE-2025-13678. This vulnerability affects versions 2.5 and earlier of the plugin. It allows authenticated attackers with Contributor-level access or higher to inject malicious JavaScript code into WordPress pages. This code will then execute whenever a user visits the affected page, potentially leading to account compromise, data theft, or website defacement.

    Technical Details: The vulnerability stems from insufficient input sanitization and output escaping of the width and height attributes used within the thailottery shortcode. The plugin fails to properly validate these…