5096 matches found

Positive Technologies
added 2025/12/16 12:0 a.m., 8 views

PT-2025-51588

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.4-00114-g1f61ca5cad76. Description: The Linux kernel has a flaw in the media subsystem, specifically within the nxp imx8-isi driver. The current implementation unconditionally calls mxc isi video cleanup...

7.1 CVSS, 5.4 AI score, 0.00335 EPSS
Exploits 1, References 396
Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51749

Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.6.1. Description: WBCE CMS version 1.6.1 contains a cross-site scripting issue that enables attackers to inject malicious HTML and CSS. This allows for the capture of user keystrokes. Attackers can upload a specially crafted...

7.1 CVSS, 6.2 AI score, 0.00226 EPSS
Exploits 1, References 7
Veracode
added 2025/12/13 5:0 a.m., 5 views

Cross-site Request Forgery (CSRF)

org.jenkins-ci.plugins, publish-to-bitbucket is vulnerable to cross-site request forgery (CSRF). The vulnerability is due to missing CSRF protection in the plugin configuration endpoints, which allows an attacker to force a victim to connect Jenkins to an attacker-controlled URL using...

5.4 CVSS, 6.8 AI score, 0.00188 EPSS
Exploits 0, References 4, Affected Software 1
RedhatCVE
added 2025/12/10 2:23 p.m., 3 views

CVE-2025-67578

Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Email Capture: from n/a through <= 3.12.4...

5.3 CVSS, 7 AI score, 0.00214 EPSS
Exploits 0, References 1
EUVD
added 2025/12/09 6:30 p.m., 4 views

EUVD-2025-201952

Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Email Capture: from n/a through <= 3.12.4...

5.3 CVSS, 6.5 AI score, 0.00214 EPSS
Exploits 0, References 2
EUVD
added 2025/12/09 6:30 p.m., 3 views

EUVD-2025-201926

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...

6.3 CVSS, 6.5 AI score, 0.00259 EPSS
Exploits 0, References 2
NVD
added 2025/12/09 4:18 p.m., 7 views

CVE-2025-67578

Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Email Capture: from n/a through <= 3.12.4...

5.3 CVSS, 0.00214 EPSS
Exploits 0, References 1
CVE
added 2025/12/09 2:14 p.m., 16 views

CVE-2025-67578

CVE-2025-67578: WordPress WP Email Capture plugin (wp-email-capture) <= 3.12.4 has a Missing Authorization flaw due to incorrectly configured access controls. This could allow unauthorized access/modification of data. The issue is documented as patched in Wordfence Intelligence; remediation i...

5.3 CVSS, 6.6 AI score, 0.00214 EPSS
Exploits 0, References 1
Cvelist
added 2025/12/09 2:14 p.m., 21 views

CVE-2025-67578 WordPress WP Email Capture plugin <= 3.12.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Email Capture: from n/a through <= 3.12.4...

5.3 CVSS, 0.00214 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/12/09 2:14 p.m., 3 views

CVE-2025-67578 WordPress WP Email Capture plugin <= 3.12.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Email Capture: from n/a through <= 3.12.4...

6.6 AI score, 0.00214 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/12/09 10:44 a.m., 3 views

CVE-2025-40807

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...

6.3 CVSS, 6.6 AI score, 0.00259 EPSS
Exploits 0, References 1
The Hacker News
added 2025/12/09 8:7 a.m., 12 views

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence (AI)-powered coding assistan...

6.9 AI score
Exploits 0
CNNVD
added 2025/12/09 12:0 a.m., 4 views

WordPress plugin WP Email Capture security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

5.3 CVSS, 6.5 AI score, 0.00214 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/12/09 12:0 a.m., 4 views

PT-2025-49952

Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Email Capture: from n/a through <= 3.12.4...

5.3 CVSS, 7 AI score, 0.00214 EPSS
Exploits 0, References 3
Patchstack
added 2025/12/08 7:2 p.m., 7 views

WordPress WP Email Capture plugin <= 3.12.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Email Capture versions <= 3.12.4...

5.3 CVSS, 6.8 AI score, 0.00214 EPSS
Exploits 0, Affected Software 1
RedhatCVE
added 2025/12/03 7:5 p.m., 9 views

CVE-2025-66459

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, an XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains an HTML element, and the capture fails. Then, t...

6.1 CVSS, 6 AI score, 0.00253 EPSS
Exploits 0, References 1
Packet Storm News
added 2025/12/03 12:0 a.m., 2 views

A Descriptive Model for Modelling Attacker Decision-Making in Cyber-Deception

Cyber-deception is an increasingly important defensive strategy, shaping adversarial decision making through controlled misinformation, uncertainty, and misdirection. Although game-theoretic, Bayesian, Markov decision process, and reinforcement learning models offer insight into deceptive...

6.8 AI score
Exploits 0
NVD
added 2025/12/02 7:15 p.m., 18 views

CVE-2025-66459

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, an XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains an HTML element, and the capture fails. Then, t...

6.1 CVSS, 0.00253 EPSS
Exploits 0, References 4
EUVD
added 2025/12/02 6:32 p.m., 3 views

EUVD-2025-200304

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, an XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains an HTML element, and the capture fails. Then, t...

5.3 CVSS, 5.5 AI score, 0.00253 EPSS
Exploits 0, References 4
Vulnrichment
added 2025/12/02 6:32 p.m., 4 views

CVE-2025-66459 Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, an XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains an HTML element, and the capture fails. Then, t...

5.3 CVSS, 5.6 AI score, 0.00253 EPSS
Exploits 0, References 4