75 matches found
CVE-2025-14609 Wise Analytics <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter
The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...
CVE-2025-14609
Consolidated: CVE-2025-14609 affects the Wise Analytics WordPress plugin (versions
CVE-2025-13292
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...
EUVD-2025-201511
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...
CVE-2025-13292
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...
CVE-2025-13292 Improper access control in Google Cloud Apigee-X allows cross-tenant Analytics modification and log data access.
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...
CVE-2025-13292
CVE-2025-13292 affects Google Apigee-X, enabling cross-tenant unauthorized read/write access to Apigee Analytics data and logs due to improper access control. Patched in version 1-16-0-apigee-3; no user action required. Evidence confirms affected product, impact, and patch; exploitation details a...
CVE-2025-13292 Improper access control in Google Cloud Apigee-X allows cross-tenant Analytics modification and log data access.
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...
PT-2025-49328
Name of the Vulnerable Software and Affected Versions Apigee-X versions prior to 1-16-0-apigee-3 Description A security issue in Apigee-X could allow an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations...
WordPress Analytify Pro plugin information disclosure vulnerability
WordPress Analytify Pro plugin is a Google Analytics plugin designed for WordPress, mainly used in the WordPress background and front-end display of Google Analytics data, to simplify the process of analyzing website traffic and user behavior. WordPress Analytify Pro plugin has an information...
CVE-2025-60427
LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...
CVE-2025-60427
LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...
CVE-2025-60427
LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...
CVE-2025-60427
LibreTime 3.0.0-alpha.10 (and possibly earlier) is affected by Broken Access Control. A user with the DJ role can access analytics data via the Web UI and direct API calls because the backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of statio...
Malicious Package
Overview analytics-data-collection-fe is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in analytics-data-collection-fe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c5655e480e57af4b115f0660b3e96f7412f5d95816cd49858611d28761ea501 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-33891
Malicious code in analytics-data-collection-fe npm...
MAL-2025-48316 Malicious code in analytics-data-collection-fe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c5655e480e57af4b115f0660b3e96f7412f5d95816cd49858611d28761ea501 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2018-16183
Malware in sbrugna...
EUVD-2021-17788
Malware in sbrugna...