WordPress WP SEO Structured Data Schema plugin <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP SEO Structured Data Schema versions = 2.8.1...

Unauthenticated Information Disclosure

signalk-server is vulnerable to unauthenticated information disclosure. The vulnerability is due to missing authentication checks on sensitive endpoints, which allows an attacker to retrieve internal system details such as the full SignalK data schema, connected serial devices, and installed...

CVE-2025-68273

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and install...

GHSA-FPF5-W967-RR2M Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints

Note This is a separate issue from the RCE vulnerability State Pollution currently being patched. While related to tokensecurity.js, it involves different endpoints and risks. Summary An unauthenticated information disclosure vulnerability allows any user to retrieve sensitive system information,...

Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints

Note This is a separate issue from the RCE vulnerability State Pollution currently being patched. While related to tokensecurity.js, it involves different endpoints and risks. Summary An unauthenticated information disclosure vulnerability allows any user to retrieve sensitive system information,...

CVE-2025-68273

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and install...

CVE-2025-68273 Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and install...

CVE-2025-68273 Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and install...

CVE-2025-68273 Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and install...

CVE-2025-68273

Summary: CVE-2025-68273 affects Signal K Server prior to version 2.19.0, exposing unauthenticated information via exposed endpoints and enabling information disclosure of the vessel data schema, connected serial devices, and analyzer tools. The root cause is missing authentication protection for ...

PT-2026-1022

Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 2.19.0 Description Signal K Server, a server application used on boats, has an information disclosure issue. An unauthenticated user can access sensitive system information. This includes the complete SignalK...

Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

...

CVE-2025-53364

Summary (Parse Server - GraphQL Schema Information Disclosure, CVE-2025-53364) The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. This could expose API structure metadata (not actual data), potentially increasin...

Uncaught Exception

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Uncaught Exception through the guidedjson parameter when using xgrammar validation. An attacker can cause the application to crash by sending an...

CVE-2025-4127

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-4127 WP SEO Structured Data Schema <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin WP SEO Structured Data Schema 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CISA Releases New Public Version of CDM Data Model Document

Today, the Cybersecurity and Infrastructure Security Agency CISA released an updated public version of the Continuous Diagnostics and Mitigation CDM Data Model Document. Version 5.0.1 aligns with fiscal year 2023 Federal Information Security Modernization Act FISMA metrics. The CDM Data Model...

Hacker in Snowflake Extortions May Be a U.S. Soldier

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake , but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's...

CVE-2024-7552

A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of...