
26 matches found

Japan Vulnerability Notes
added 2026/05/11 9:20 a.m. · 5 views

"Kura Sushi Official App" vulnerable to improper certificate validation

Overview "Kura Sushi Official App" provided by EPG, Inc. contains the following vulnerability. Improper certificate validation on push notifications CWE-295 - CVE-2026-41872 This analysis assumes a man-in-the-middle attack being conducted with a malicious wireless LAN access point Tsuyoshi Ogawa ...

9.1 CVSS · 7.1 AI score · 0.0002 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/05/23 8:39 a.m. · 2 views

CVE-2024-31274

Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.9.11...

5.3 CVSS · 8.5 AI score · 0.00186 EPSS
Exploits 0 · References 1
OSV
added 2025/02/18 11:15 a.m. · 1 views

CVE-2025-0817

The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

6.1 CVSS · 7.5 AI score
Exploits 0 · References 3
Patchstack
added 2025/02/18 9:44 a.m. · 2 views

WordPress FormCraft plugin <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php vulnerability

Missing Authorization to Plugin Data Export in formcraft-main.php vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin FormCraft 3 versions <= 3.9.11...

4.3 CVSS · 7 AI score · 0.00102 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/02/18 12:0 a.m. · 4 views

PT-2025-6610 · WordPress · Formcraft

Name of the Vulnerable Software and Affected Versions: FormCraft plugin for WordPress versions up to and including 3.9.11 Description: The issue arises from a missing capability check in formcraft-main.php, allowing authenticated attackers with Subscriber-level access and above to export all plug...

4.3 CVSS · 9.2 AI score · 0.00102 EPSS
Exploits 0 · References 8
CNNVD
added 2025/02/18 12:0 a.m. · 5 views

WordPress plugin FormCraft security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

4.3 CVSS · 8.2 AI score · 0.00102 EPSS
Exploits 0 · References 4
OSSF Malicious Packages
added 2024/09/05 7:50 p.m. · 3 views

Malicious code in testcafe-reporter-ayx-reportportal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 56e9fb2a7d91d090c5daebf11bf839a8c406149a5eb97098ced6820c0285e4ea The OpenSSF Package Analysis project identified 'testcafe-reporter-ayx-reportportal' @ 3.9.11 npm as malicious. It is considered malicious...

7.1 AI score
Exploits 0
OSV
added 2024/06/09 12:15 p.m. · 0 views

CVE-2024-31274

Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.9.11...

5.3 CVSS · 5.8 AI score
Exploits 0 · References 1
Cvelist
added 2024/06/09 11:18 a.m. · 15 views

CVE-2024-31274 WordPress EmbedPress plugin <= 3.9.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.9.11...

5.3 CVSS · 0.00186 EPSS
Exploits 0 · References 1
CNNVD
added 2024/06/09 12:0 a.m. · 1 views

WordPress plugin EmbedPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

5.3 CVSS · 6.7 AI score · 0.00186 EPSS
Exploits 0 · References 2
Patchstack
added 2024/04/05 8:25 a.m. · 2 views

WordPress EmbedPress plugin <= 3.9.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin EmbedPress versions <= 3.9.11...

5.3 CVSS · 7 AI score · 0.00186 EPSS
Exploits 0 · Affected Software 1
OpenVAS
added 2023/05/02 12:0 a.m. · 92 views

vm2 < 3.9.11 Sandbox Escape Vulnerability

vm2 is prone to a sandbox escape vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vm2project:vm2"; ifdescription...

10 CVSS · 9.8 AI score · 0.84468 EPSS
Exploits 2 · References 3
CNNVD
added 2023/03/15 12:0 a.m. · 1 views

WordPress Plugin Plainware Locatoraid Store Locator cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

8.8 CVSS · 8.2 AI score · 0.00104 EPSS
Exploits 0 · References 2
OSV
added 2022/09/28 1:9 p.m. · 6 views

GHSA-MRGP-MRHC-5JRQ vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host

Impact A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. Patches This vulnerability was patched in the release of version 3.9.11 of vm2 Workarounds None. References Github Issue - https://github.com/patriksimek/vm2/issues/467 T...

10 CVSS · 7.8 AI score · 0.84468 EPSS
Exploits 2 · References 8
NVD
added 2022/09/06 10:15 p.m. · 21 views

CVE-2022-36067

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of...

10 CVSS · 0.84468 EPSS
Exploits 2 · References 6
CVE
added 2022/09/06 12:0 a.m. · 306 views

CVE-2022-36067

CVE-2022-36067 (vm2) is a Node.js sandbox vulnerability in the vm2 library. In versions prior to 3.9.11, the sandbox protections can be bypassed, allowing a threat actor to gain remote code execution on the host running the sandbox. The issue has been fixed in vm2 3.9.11. The Initial Description ...

10 CVSS · 10 AI score · 0.84468 EPSS
Exploits 2 · References 6 · Affected Software 1
Slackware Linux
added 2022/03/18 8:17 p.m. · 40 views

[slackware-security] python3

New python3 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/python3-3.9.11-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: libexpat upgraded from 2.4.1 to 2.4.7 bundl...

6.5 CVSS · 0.3 AI score · 0.00124 EPSS
Exploits 0
Patchstack
added 2021/12/21 12:0 a.m. · 14 views

WordPress Simple Download Monitor plugin <= 3.9.10 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.10. Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.9.11...

5.4 CVSS · 2.4 AI score · 0.0018 EPSS
Exploits 2 · References 3 · Affected Software 1
Packet Storm
added 2020/03/30 12:0 a.m. · 200 views

Joomla Fabrik 3.9.11 Directory Traversal

Exploit Title: Joomla! comfabrik 3.9.11 - Directory Traversal Google Dork: inurl:"index.php?option=comfabrik" Date: 2020-03-30 Exploit Author: qw3rTyTy Vendor Homepage: https://fabrikar.com/ Software Link: https://fabrikar.com/downloads Version: 3.9 Tested on: Debian/Nginx/Joomla! 3.9.11...

0.3 AI score
Exploits 0
exploitpack
added 2020/03/23 12:0 a.m. · 149 views

Joomla! com_hdwplayer 4.2 - search.php SQL Injection

Joomla! comhdwplayer 4.2 - search.php SQL Injection Exploit Title: Joomla! comhdwplayer 4.2 - 'search.php' SQL Injection Dork: inurl:"index.php?option=comhdwplayer" Date: 2020-03-23 Exploit Author: qw3rTyTy Vendor Homepage: https://www.hdwplayer.com/ Software Link:...

0.2 AI score
Exploits 0