
118 matches found

NVD
added 2025/10/09 10:15 p.m. · 3 views

CVE-2025-61928

Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the api/auth/api-key/create route. session?.user ?? authRequired ? null : i...

9.3 CVSS · 0.00204 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/10/09 9:24 p.m. · 1 views

CVE-2025-61928 Better Auth: Unauthenticated API key creation through api-key plugin

Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the api/auth/api-key/create route. session?.user ?? authRequired ? null : i...

9.3 CVSS · 6.8 AI score · 0.00204 EPSS
Exploits 0 · References 2
OSV
added 2025/10/09 9:24 p.m. · 2 views

CVE-2025-61928 Better Auth: Unauthenticated API key creation through api-key plugin

Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the api/auth/api-key/create route. session?.user ?? authRequired ? null : i...

9.3 CVSS · 7.1 AI score · 0.00204 EPSS
Exploits 0 · References 4
Snyk
added 2025/10/09 3:40 p.m. · 3 views

Missing Authentication for Critical Function

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api-key plugin's create endpoints. An attacker can gain unauthorized access to any user's account by...

10 CVSS · 7.3 AI score · 0.00204 EPSS
Exploits 0 · References 2
CNNVD
added 2025/10/09 12:0 a.m. · 1 views

Better Auth security vulnerability

Better Auth is a TypeScript's most comprehensive authentication framework open-sourced by Better Auth. A security vulnerability exists in versions of Better Auth prior to 1.3.26 that originates from an unauthenticated attacker who can bypass authentication via the user ID in the request body,...

9.3 CVSS · 9.3 AI score · 0.00204 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/10/09 12:0 a.m. · 3 views

PT-2025-41497

Name of the Vulnerable Software and Affected Versions Better Auth versions prior to 1.3.26 Description Better Auth is an authentication and authorization library for TypeScript. A critical authentication bypass allows unauthenticated attackers to create or modify API keys for any user. This is...

9.3 CVSS · 8.8 AI score · 0.00204 EPSS
Exploits 0 · References 29
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2017-3255

Malware in sbrugna...

9.8 CVSS · 9.2 AI score · 0.00646 EPSS
Exploits 0 · References 9
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-6698

Malware in sbrugna...

8.8 CVSS · 8.6 AI score · 0.00696 EPSS
Exploits 0 · References 8
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2017-5165

Malware in sbrugna...

6.5 CVSS · 6.7 AI score · 0.00426 EPSS
Exploits 1 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2002-1639

Malware in sbrugna...

4.6 CVSS · 6.4 AI score · 0.00163 EPSS
Exploits 1 · References 5
OSV
added 2025/01/30 2:15 p.m. · 1 views

CVE-2024-13549

The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 2
Positive Technologies
added 2025/01/30 12:0 a.m. · 2 views

PT-2025-2215 · WordPress · Bootstrap Blocks

Name of the Vulnerable Software and Affected Versions: All Bootstrap Blocks plugin for WordPress versions up to and including 1.3.26 Description: The issue is related to Stored Cross-Site Scripting via the Accordion widget due to insufficient input sanitization and output escaping. This allows...

6.4 CVSS · 8 AI score · 0.00114 EPSS
Exploits 0 · References 6
CNNVD
added 2025/01/30 12:0 a.m. · 1 views

WordPress plugin All Bootstrap Blocks cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.4 CVSS · 8.2 AI score · 0.00114 EPSS
Exploits 0 · References 2
OSV
added 2023/10/18 9:15 a.m. · 1 views

CVE-2023-45056

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100plugins Open User Map plugin <= 1.3.26 versions...

4.8 CVSS · 7.3 AI score
Exploits 0 · References 1
Patchstack
added 2023/10/03 12:0 a.m. · 11 views

WordPress Open User Map | Everybody can add locations Plugin <= 1.3.26 is vulnerable to Cross Site Scripting (XSS)

Software Open User Map | Everybody can add locations Type Plugin Vulnerable versions <= 1.3.26 Fixed in 1.3.27 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2023-45056 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b19299929197...

5.9 CVSS · 5.8 AI score · 0.00063 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/03/12 12:0 a.m. · 1 views

Ez Systems eZ Platform security vulnerability

Ez Systems eZ Platform is a content management system CMS based on the Symfony framework from Ez Systems, Norway. Ibexa Kernel eZ Platform A security vulnerability exists in Ibexa Kernel versions prior to 1.3.26, which stems from granting too many privileges to the corporate administrator role...

7.2 CVSS · 7 AI score · 0.00693 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 4:41 a.m. · 0 views

SUSE CVE-2017-12935

The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c...

5.3 CVSS · 6.9 AI score · 0.00475 EPSS
Exploits 0 · References 7
SUSE CVE
added 2023/02/15 4:40 a.m. · 1 views

SUSE CVE-2017-13777

GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it...

5.3 CVSS · 6.9 AI score · 0.00698 EPSS
Exploits 0 · References 5
Packet Storm
added 2021/10/18 12:0 a.m. · 513 views

WordPress Duplicator 1.3.26 Arbitrary File Read

Exploit Title: Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read Date: October 16, 2021 Exploit Author: nam3lum Vendor Homepage: https://wordpress.org/plugins/duplicator/ Software Link: https://downloads.wordpress.org/plugin/duplicator.1.3.26.zip Version: 1.3.26 Tested on:...

7.5 CVSS · 7.6 AI score · 0.94252 EPSS
Exploits11
RedhatCVE
added 2019/05/14 12:21 p.m. · 32 views

CVE-2017-18219

An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large pngpixels array allocation...

6.5 CVSS · 4 AI score · 0.05966 EPSS
Exploits 1 · References 1