Category: Vulnerabilities

The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the...

Transient DOS while processing the EHT operation IE in the received beacon frame. Assigner : security.cna@qualcomm.com More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. Assigner : security.cna@qualcomm.com More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. Assigner : security.cna@qualcomm.com More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Memory corruption during dynamic process creation call when client is only passing address and length of shell binary. Assigner : security.cna@qualcomm.com More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Transient DOS while processing the tone measurement response buffer when the response buffer is out of range. Assigner : security.cna@qualcomm.com More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Memory corruption while rendering graphics using Adreno GPU drivers in Chrome. Assigner : security.cna@qualcomm.com More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. Assigner : security@unisoc.com More information :...

In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed. Assigner : security@unisoc.com More information :...

In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. Assigner : security@unisoc.com...

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries’ caption fields. The issue was received as a Contributor+ Stored XSS, however one of...

The Golo – City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not...

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter...