
33 matches found

Patchstack
added 2025/12/15 1:30 p.m. · 2 views

WordPress Simple Link Directory plugin <= 8.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Simple Link Directory versions <= 8.8.3...

CVSS: 5.3 · AI score: 7 · EPSS: 0.00041
Exploits: 0 · Affected Software: 1

NVD
added 2025/12/09 4:18 p.m. · 2 views

CVE-2025-67465

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery. This issue affects Simple Link Directory: from n/a through <= 8.8.3...

CVSS: 4.3 · EPSS: 0.00015
Exploits: 0 · References: 1

CVE
added 2025/12/09 2:14 p.m. · 8 views

CVE-2025-67576

CVE-2025-67576 is linked to the Wordfence vulnerability listing for Simple Link Directory (plugin: Simple Link Directory) with a Missing Authorization issue affecting versions up to 8.8.3. The connected Wordfence document confirms this CVE entry and notes the vulnerability as a Missing Authorizat...

CVSS: 5.3 · AI score: 6.6 · EPSS: 0.00041
Exploits: 0 · References: 1

Cvelist
added 2025/12/09 2:13 p.m. · 17 views

CVE-2025-67465 WordPress Simple Link Directory plugin <= 8.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery. This issue affects Simple Link Directory: from n/a through <= 8.8.3...

CVSS: 4.3 · EPSS: 0.00015
Exploits: 0 · References: 1

CVE
added 2025/12/09 2:13 p.m. · 5 views

CVE-2025-67465

Technical details for CVE-2025-67465 (CSRF in Simple Link Directory plugin) are not provided in the connected documents. Initial description notes plugin versions

CVSS: 4.3 · AI score: 6.5 · EPSS: 0.00015
Exploits: 0 · References: 1

Positive Technologies
added 2025/12/09 12:0 a.m. · 3 views

PT-2025-49882

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery. This issue affects Simple Link Directory: from n/a through <= 8.8.3...

CVSS: 8.8 · AI score: 6.9 · EPSS: 0.00015
Exploits: 0 · References: 3

CNNVD
added 2025/12/09 12:0 a.m. · 1 views

WordPress plugin Simple Link Directory security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS: 5.3 · AI score: 6.7 · EPSS: 0.00041
Exploits: 0 · References: 1

Positive Technologies
added 2025/12/09 12:0 a.m. · 7 views

PT-2025-49950

Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Link Directory: from n/a through <= 8.8.3...

CVSS: 5.3 · AI score: 7 · EPSS: 0.00041
Exploits: 0 · References: 3

OpenVAS
added 2025/10/06 12:0 a.m. · 4 views

Notepad++ DLL Hijacking Vulnerability (Oct 2025)

Notepad++ is prone to a DLL hijacking vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:notepad-plus-plus:notepad++"...

CVSS: 8.4 · AI score: 5.6 · EPSS: 0.00027
Exploits: 0 · References: 3

OSV
added 2025/10/02 2:44 p.m. · 1 views

BIT-MONGOOSE-2024-53900

Mongoose before 8.8.3 can improperly use $where in match, leading to search injection...

CVSS: 9.1 · AI score: 7 · EPSS: 0.52176
Exploits: 3 · References: 6

Cvelist
added 2025/09/26 12:0 a.m. · 5 views

CVE-2025-56383

Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary...

EPSS: 0.00027
Exploits: 0 · References: 5

Vulnrichment
added 2025/09/26 12:0 a.m. · 2 views

CVE-2025-56383

Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary...

AI score: 6.9 · EPSS: 0.00027
Exploits: 0 · References: 5

CVE
added 2025/09/26 12:0 a.m. · 41 views

CVE-2025-56383

Notepad++ DLL Hijacking (CVE-2025-56383) affects Notepad++ v8.8.3 and earlier. The vulnerability allows replacing a legitimate DLL (e.g., NppExport.dll) in the plugin directory with a malicious one, enabling arbitrary code execution with the user’s privileges. Exploitation is local and relies on ...

CVSS: 8.4 · AI score: 6.9 · EPSS: 0.00027
Exploits: 0 · References: 5

RedhatCVE
added 2025/05/23 7:15 a.m. · 4 views

CVE-2024-53900

Mongoose before 8.8.3 can improperly use $where in match, leading to search injection...

CVSS: 9.1 · AI score: 6.4 · EPSS: 0.52176
Exploits: 3 · References: 1

NVD
added 2024/12/02 8:15 p.m. · 39 views

CVE-2024-53900

Mongoose before 8.8.3 can improperly use $where in match, leading to search injection...

CVSS: 9.1 · EPSS: 0.52176
Exploits: 3 · References: 5

CNNVD
added 2024/12/02 12:0 a.m. · 2 views

Automattic Mongoose security vulnerability

Automattic Mongoose is a MongoDB object modeling tool for asynchronous environments. A security vulnerability exists in Automattic Mongoose versions prior to 8.8.3 that stems from improper use of query operators...

CVSS: 9.1 · AI score: 8.6 · EPSS: 0.52176
Exploits: 3 · References: 5

Positive Technologies
added 2024/11/26 12:0 a.m. · 1 views

PT-2024-35970

Name of the Vulnerable Software and Affected Versions: Mongoose versions prior to 8.8.3 Description: The issue is related to the improper use of the $where operator in Mongoose, which can lead to search injection and potentially allow a remote attacker to execute arbitrary code and gain read and...

CVSS: 9.4 · AI score: 7.8 · EPSS: 0.52176
Exploits: 3 · References: 41

OSV
added 2024/01/31 6:15 p.m. · 0 views

CVE-2023-50166

Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter...

CVSS: 6.1 · AI score: 5.8
Exploits: 0 · References: 1

CVE
added 2024/01/31 5:26 p.m. · 36 views

CVE-2023-50166

Pega Platform versions 8.5.4–8.8.3 are affected by an input validation XSS vulnerability triggered by a redirect parameter, exploitable by an unauthenticated user. Affected component/area: Pega Platform runtime handling of redirect parameters. Reported impact is cross-site scripting with potentia...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00199
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/01/31 12:0 a.m. · 2 views

PT-2024-13873 · Pegasystems · Pega Platform

Name of the Vulnerable Software and Affected Versions: Pega Platform versions 8.5.4 through 8.8.3 Description: The issue is an XSS problem that can be exploited by an unauthenticated user, utilizing the redirect parameter. Recommendations: For versions 8.5.4 through 8.8.3, consider restricting...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00199
Exploits: 0 · References: 5