Huawei EulerOS: Security Advisory for protobuf (EulerOS-SA-2025-2594)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2020-2594

Malware in sbrugna...

EUVD-2008-2588

Malware in sbrugna...

WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass

!/usr/bin/env python3 Exploit Title: WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass Date: 2025-05-22 Exploit Author: Mohammed Idrees Banyamer Vendor Homepage: https://wordpress.org/plugins/user-registration/ Software Link:...

CVE-2019-2594

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products subcomponent: Application Server. Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2005-2594

Apple Safari 1.3 132 on Mac OS X 1.3.9 allows remote attackers to cause a denial of service crash via certain Javascript, possibly involving a function that defines a handler for itself within the function body...

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...

CVE-2025-2594 User Registration & Membership < 4.1.3 - Authentication Bypass

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...

CVE-2025-2594

The CVE-2025-2594 affects the WordPress plugin “User Registration & Membership” prior to version 4.1.3. Affected behavior: when the Membership Addon is enabled, data in an AJAX action is not properly validated, enabling an attacker to authenticate as any user (including administrators) by supplyi...

CVE-2025-2594

creationtimestamp| type| source ---|---|--- 2025-04-02 17:00:08+00:00| published-proof-of-concept| Telegram/XWNVTNV35dvmt9z1kuRKrDP-n4wp3QUtmRLqVkoNNpbDXx4 2025-04-22 06:58:01+00:00| seen| https://bsky.app/profile/potato.software/post/3lnf42pfg562f 2025-04-22 07:03:22+00:00| seen|...

WordPress User Registration & Membership Pro plugin < 5.1.3 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by wesley wcraft in WordPress Plugin User Registration & Membership Pro versions 5.1.3...

WordPress User Registration plugin < 4.1.3 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by wesley wcraft in WordPress Plugin User Registration versions 4.1.3...

Amazon Linux 2 : httpd (ALAS-2024-2594)

The version of httpd installed on the remote host is prior to 2.4.61-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2594 advisory. Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sen...

CVE-2024-2594

creationtimestamp| type| source ---|---|--- 2024-03-18 15:26:35+00:00| seen| https://t.me/ctinow/210643...

CVE-2024-2594 Cross-Site Scripting (XSS) in AMSS++

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an...

CVE-2024-2594 Cross-Site Scripting (XSS) in AMSS++

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an...

CVE-2024-2594

AMSS++ 4.31 is affected by a Cross-Site Scripting (XSS) vulnerability due to insufficient encoding of user-controlled input in multiple parameters on /amssplus/admin/index.php. Root cause: input is not properly encoded, enabling a remote attacker to craft a URL that, when visited by an authentica...

CVE-2023-2594

creationtimestamp| type| source ---|---|--- 2023-05-09 16:38:52+00:00| seen| https://t.me/cibsecurity/63611...