WordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rooting in WordPress Plugin AnyComment versions <= 0.3.6...
WordPress Quran Gateway plugin <= 1.5 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Quran Gateway versions <= 1.5...
EUVD-2017-12680
Malware in sbrugna...
EUVD-2019-12340
Malware in sbrugna...
EUVD-2020-6820
Malware in sbrugna...
EUVD-2021-16845
Malware in sbrugna...
WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Quick Paypal Payments versions <= 5.7.46...
Ubuntu: Security Advisory (USN-7622-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress WP Table Builder plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by domiee13 in WordPress Plugin WP Table Builder versions <= 2.0.6...
SUSE: Security Advisory (SUSE-SU-2025:0327-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2025:1128-1)
The remote host is missing an update for the...
Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs. (CVE-2024-43176)
Summary A vulnerability caused by improper authorization checks could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. Vulnerability Details CVEID:CVE-2024-43176 DESCRIPTION: IBM OpenPages could allow an...
Security Bulletin: IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation.
Summary: IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression Language (SpEL) expression, a remote attacker could exploit this vulnerability to cause a deni...
Grafana API IDOR
Today we are releasing Grafana 8.3.5 and 7.5.14. This patch release includes MEDIUM severity security fix for Grafana Teams API IDOR. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5....
WordPress Asgaros Forum Plugin <= 2.8.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Asgaros Forum; Type: Plugin; Vulnerable versions: <= 2.8.0; Fixed in: 2.9.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-32440; Patch priority: Low; CVSS severity: Low (4.3); PSID: 4d6dad870cc9; Credits: Ananda Dhakal...
WordPress Checkfront Online Booking System Plugin <= 3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Checkfront Online Booking System; Type: Plugin; Vulnerable versions: <= 3.6; Fixed in: 3.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-44146; Patch priority: Low; CVSS severity: Low (4.3); PSID: 4851b589bde2; Credits: BuShiY...
Security Bulletin: IBM DB2 Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...
Grafana -- Teams API IDOR
Grafana Labs reports: On Jan. 18, an external security researcher, Kürşad ALSAN from NSPECT.IO (@nspectio on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs. This vulnerability only impacts the following API endpoints:...
OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure Vulnerability
OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. Product: OX App Suite; Vendor: OX Software GmbH; Internal reference: OXUIB-872; Vulnerability type: Cross-Site Scripting (CWE-80); Vulnerable version: 7.10.5 and earlier; Vulnerable...
Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities
Today, we're announcing a coordinated vulnerability disclosure publication with our longtime mobile hacker friend, Rafay Baloch. If you'd like to just jump straight to the technical details for these vulnerabilities, I invite you to read his paper here. If you want to know more about why this...