WordPress GeoDirectory plugin <= 2.8.157 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Evan in WordPress Plugin GeoDirectory versions <= 2.8.157...
WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerability
Payment Bypass vulnerability discovered by Evan in WordPress Plugin Five Star Restaurant Reservations versions <= 2.7.14...
WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Evan in WordPress Plugin Salon booking system versions <= 10.30.25...
PT-2025-50011
Missing Authorization vulnerability in Evan Herman Post Cloner (post-cloner) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Cloner: from n/a through <= 1.0.0...
WordPress Flag Icons plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Caesar Evan Santoso in WordPress Plugin Flag Icons versions <= 2.2...
WordPress Keep Backup Daily plugin <= 2.1.0 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Caesar Evan Santoso (Patchstack Alliance) in WordPress Plugin Keep Backup Daily versions <= 2.1.0...
WordPress Slides & Presentations Plugin <= 0.0.39 - Content Injection vulnerability
Content Injection vulnerability discovered by Caesar Evan Santoso in WordPress Plugin Slides & Presentations versions <= 0.0.39...
WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Caesar Evan Santoso (Patchstack Alliance) in WordPress Plugin Content Blocks Builder versions <= 2.7.6...
WordPress Slides & Presentations Plugin <= 0.0.39 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Caesar Evan Santoso (Patchstack Alliance) in WordPress Plugin Slides & Presentations versions <= 0.0.39...
WordPress Slides & Presentations Plugin <= 0.0.39 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Caesar Evan Santoso (Patchstack Alliance) in WordPress Plugin Slides & Presentations versions <= 0.0.39...
WordPress Virtual Bot Plugin <= 1.0.0 - CSRF Cross Site Scripting (XSS) vulnerability
CSRF Cross Site Scripting (XSS) vulnerability discovered by Caesar Evan Santoso (Patchstack Alliance) in WordPress Plugin Virtual Bot versions <= 1.0.0...
WordPress Virtual Bot Plugin <= 1.0.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Caesar Evan Santoso (Patchstack Alliance) in WordPress Plugin Virtual Bot versions <= 1.0.0...
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a...
aries-askar (=0.1.2), indy-credx (>=0.2.0 <=0.3.1) +5 more potentially affected by CVE-2024-21670 via ursa (>=0.3.6 <=0.3.7)
ursa CARGO version =0.3.6, =0.2.0, =0.5.0, =0.3.1, =0.1.0, =0.1.0, =0.0.6, =0.0.8 Source cves: CVE-2024-21670 Source advisory: OSV:GHSA-R78F-4Q2Q-HVV4...
aries-askar (=0.1.2), indy-credx (>=0.2.0 <=0.3.1) +5 more potentially affected by CVE-2024-22192 via ursa (>=0.3.6 <=0.3.7)
ursa CARGO version =0.3.6, =0.2.0, =0.5.0, =0.3.1, =0.1.0, =0.1.0, =0.0.6, =0.0.8 Source cves: CVE-2024-22192 Source advisory: OSV:GHSA-6698-MHXX-R84G...
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
Impact: What kind of vulnerability is it? Who is impacted? This vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method. Initializati...
Rust-WebSocket memory allocation based on untrusted length
Impact: Untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...
GHSA-QRJV-RF5Q-QPXC Rust-WebSocket memory allocation based on untrusted length
Impact: Untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...
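The two Rust-WebSocket entries above describe the same bug class: a frame header declares a payload length, and the parser allocates that many bytes before any payload arrives. The following is an added example, not code from the Rust-WebSocket crate or the advisory. It parses the RFC 6455 base frame header, shows the trusting allocation pattern the advisory describes beside a bounded alternative, and feeds both a constructed benign frame and a constructed hostile frame whose 10-byte header claims a 1 TiB payload. The `MAX_PAYLOAD` cap, the helper names and the sample frames are assumptions made for this example.

```rust
// Added example, not Rust-WebSocket's code: a minimal RFC 6455 frame-header
// parser plus the vulnerable and hardened payload-read patterns described in
// the advisory. Frame bytes and MAX_PAYLOAD are constructed for illustration.
use std::io::{self, Cursor, Read};

/// Per-frame payload cap. Assumed value for the example; a real server derives
/// it from its own message-size limits.
pub const MAX_PAYLOAD: u64 = 16 * 1024 * 1024;

#[derive(Debug, PartialEq)]
pub struct FrameHeader {
    pub fin: bool,
    pub opcode: u8,
    pub masked: bool,
    pub payload_len: u64,
}

/// Parse the header: 2 fixed bytes, then 0, 2 or 8 extended-length bytes
/// (RFC 6455 section 5.2). Returns the header and the number of bytes consumed.
pub fn parse_header(buf: &[u8]) -> io::Result<(FrameHeader, usize)> {
    let short = || io::Error::new(io::ErrorKind::UnexpectedEof, "truncated frame header");
    if buf.len() < 2 {
        return Err(short());
    }
    let fin = buf[0] & 0x80 != 0;
    let opcode = buf[0] & 0x0f;
    let masked = buf[1] & 0x80 != 0;
    let (payload_len, used) = match buf[1] & 0x7f {
        126 => {
            let b = buf.get(2..4).ok_or_else(short)?;
            (u16::from_be_bytes([b[0], b[1]]) as u64, 4)
        }
        127 => {
            let b = buf.get(2..10).ok_or_else(short)?;
            let mut ext = [0u8; 8];
            ext.copy_from_slice(b);
            (u64::from_be_bytes(ext), 10)
        }
        n => (n as u64, 2),
    };
    Ok((FrameHeader { fin, opcode, masked, payload_len }, used))
}

/// Vulnerable pattern (what the advisory describes): the buffer is sized from
/// the peer's declared length before a single payload byte has arrived. A
/// 10-byte header claiming a multi-gigabyte payload makes the process try to
/// allocate that much and abort when the allocation fails.
pub fn read_payload_trusting(hdr: &FrameHeader, body: &mut impl Read) -> io::Result<Vec<u8>> {
    let mut payload = vec![0u8; hdr.payload_len as usize]; // attacker-sized allocation
    body.read_exact(&mut payload)?;
    Ok(payload)
}

/// Hardened pattern: reject declared lengths above the cap before allocating,
/// then let the buffer grow only as bytes actually arrive (`take` bounds the
/// read to the declared length). Memory use now tracks data received, not a claim.
pub fn read_payload_bounded(
    hdr: &FrameHeader,
    body: &mut impl Read,
    max_payload: u64,
) -> io::Result<Vec<u8>> {
    if hdr.payload_len > max_payload {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!("declared payload {} exceeds limit {}", hdr.payload_len, max_payload),
        ));
    }
    let mut payload = Vec::new();
    body.take(hdr.payload_len).read_to_end(&mut payload)?;
    if payload.len() as u64 != hdr.payload_len {
        return Err(io::Error::new(io::ErrorKind::UnexpectedEof, "peer closed mid-payload"));
    }
    Ok(payload)
}

/// Build an unmasked FIN text frame around `payload` (constructed sample input).
pub fn build_frame(payload: &[u8]) -> Vec<u8> {
    let mut f = vec![0x81];
    let n = payload.len();
    if n < 126 {
        f.push(n as u8);
    } else if n <= u16::MAX as usize {
        f.push(126);
        f.extend_from_slice(&(n as u16).to_be_bytes());
    } else {
        f.push(127);
        f.extend_from_slice(&(n as u64).to_be_bytes());
    }
    f.extend_from_slice(payload);
    f
}

/// Constructed hostile input: a header declaring a 1 TiB payload with no body.
pub fn hostile_frame() -> Vec<u8> {
    let mut f = vec![0x81, 127];
    f.extend_from_slice(&(1u64 << 40).to_be_bytes());
    f
}

/// Parse one frame and read its payload through the hardened path.
pub fn recv_frame_bounded(frame: &[u8]) -> io::Result<Vec<u8>> {
    let (hdr, used) = parse_header(frame)?;
    let mut body = Cursor::new(&frame[used..]);
    read_payload_bounded(&hdr, &mut body, MAX_PAYLOAD)
}

fn main() {
    let ok = recv_frame_bounded(&build_frame(b"hello")).unwrap();
    println!("benign frame payload: {}", String::from_utf8_lossy(&ok));
    match recv_frame_bounded(&hostile_frame()) {
        Ok(_) => println!("hostile frame unexpectedly accepted"),
        Err(e) => println!("hostile frame rejected: {}", e),
    }
}
```

The check on the declared length is necessary but not sufficient on its own: reading through `take` and growing the `Vec` as data arrives is what keeps a slow or disconnecting peer from pinning a cap-sized buffer with a handful of bytes. Note also the `as usize` cast in the trusting path, which silently truncates a 64-bit declared length on 32-bit targets; the bounded path compares in `u64` before any cast.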
vade (>=0.1.0 <=0.1.1), vade-evan (=0.3.0) +4 more potentially affected by CVE-2021-38191 via tokio (=1.7.1)
tokio CARGO version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on tokio and may be impacted: - vade =0.1.0, =0.1.3, =0.2.0 - vade-sidetree =0.0.3 - vade-signer =0.0.1 - vade-universal-resolver =0.0.4 Source cves: CVE-2021-38191 Source advisory...
WordPress <= 5.2.3 - Multiple security issues (XSS, SSRF, Cache Poisoning)
Multiple security issues (XSS, SSRF, Cache Poisoning) found by Evan Ricafort, J.D. Grimes, Weston Ruter, David Newman, Eugene Kolodenker, Ben Bidner and the WordPress security team in WordPress versions <= 5.2.3. Solution: Update WordPress to the latest available version (at least 5.2.4)...