CVE-2026-1380

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

CVE-2026-1380

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

CVE-2026-1380 Bitcoin Donate Button <= 1.0 - Cross-Site Request Forgery to Settings Update

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

CVE-2026-1380

CVE-2026-1380 affects the Bitcoin Donate Button WordPress plugin (

EUVD-2026-4924

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

WordPress Bitcoin Donate Button plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Bitcoin Donate Button versions = 1.0...

PT-2026-5095

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

WordPress Plugin: Bitcoin Donation Button – Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-59098

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVE-2025-59109 UART Leaking Sensitive Data in dormakaba registration unit 9002

The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...

CVE-2025-59109 UART Leaking Sensitive Data in dormakaba registration unit 9002

The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...

Dormakaba registration unit 9002 security vulnerabilities

The Dormakaba Registration Units 9002 is a password input panel developed by the American company Dormakaba. There is a security vulnerability associated with the Dormakaba Registration Units 9002; this vulnerability stems from the exposed UART interface, which can leak button press data,...

PT-2026-4759

Name of the Vulnerable Software and Affected Versions dormakaba registration units 9002 PIN Pad Units affected versions not specified Description The dormakaba registration units 9002 PIN Pad Units have an exposed UART header. The PIN pad transmits every button press through this UART interface. ...

MiracleLinux 9 : firefox-128.4.0-1.el9_4.ML.1 (AXSA:2024-8972:37)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8972:37 advisory. firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox:...

MiracleLinux 9 : xorg-x11-server-Xwayland-22.1.9-5.el9 (AXSA:2024-8022:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8022:01 advisory. xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty CVE-2023-5367 xorg-x11-server: out-of-bounds memory reads/writ...

MiracleLinux 8 : systemd-239-40.el8 (AXSA:2021-1218:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1218:01 advisory. systemd: memory leak in buttonopen in login/logind-button.c when udev events are received CVE-2019-20386 Tenable has extracted the preceding description bloc...

📄 Chamillo LMS 1.11.2 Missing Cache Header

Chamillo LMS version 1.11.2 is missing a cache header that leads to information disclosure. CVE-2025-69581 An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing...

CVE-2025-14463

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

CVE-2025-14463

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

CVE-2025-14463

CVE-2025-14463 affects the WordPress plugin “Payment Button for PayPal” (versions up to and including 1.2.3.41). The vulnerability arises from a publicly exposed AJAX endpoint (wppaypalcheckout_ajax_process_order) that processes checkout results without authentication or server-side verification,...