Stuxlab

Unrestricted Upload of File with Dangerous Type vulnerability in “RedefiningTheWeb”, “WordPress Contact Form 7 PDF”, “Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf” allows Using Malicious Files.This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database:… Read more: CVE-2025-64231: WordPress – Malicious File Upload

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the ‘promo_send’ parameter in the ‘/assets/php/calculate_discount.php‘ CVE CVE-2025-40639 CVSSv3 9.8 Published Date 9… Read more: CVE-2025-40639: SQL Injection

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2,… Read more: CVE-2025-15029: SQL Injection in Centreon Infra Monitoring

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. CVE 2023-47359 CVSSv3 9.8 critical Published Date 7… Read more: CVE-2023-47359: VLC impacted with Buffer Overflow

Vulnerbility: Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE CVE-2026-2316 CVSSv3 6.5 Medium Published… Read more: CVE-2026-2316: Insufficient policy enforcement in Frames