600 matches found
CVE-2025-7665
The CVE-2025-7665 entry concerns Miniorange OTP Verification with Firebase for WordPress, affecting versions 3.1.0–3.6.2. A missing capability check in the handle_mofirebase_form_options function enables unauthenticated privilege escalation to Administrator. Exploitation is described as requiring...
PT-2025-38531
Name of the Vulnerable Software and Affected Versions Miniorange OTP Verification with Firebase plugin for WordPress versions 3.1.0 through 3.6.2 Description The Miniorange OTP Verification with Firebase plugin for WordPress is susceptible to privilege escalation. A missing capability check on th...
WordPress plugin Miniorange OTP Verification with Firebase 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
Google misled users about their privacy and now owes them $425m, says court
A court has ordered Google to pay $425m in a class action lawsuit after it was found to have misled users about their online privacy. In July 2020, Google user Anibal Rodriguez filed a lawsuit against the search giant, arguing that it misled users with its "Web & App Activity" setting. The settin...
MAL-2025-46472 Malicious code in upgrade-firebase-event-telesto (npm)
The package upgrade-firebase-event-telesto was found to contain malicious code...
Malicious code in upgrade-firebase-event-telesto (npm)
The package upgrade-firebase-event-telesto was found to contain malicious code...
MAL-2025-44901 Malicious code in kronos-hexo-nodemon-firebase (npm)
The package kronos-hexo-nodemon-firebase was found to contain malicious code...
Malicious code in membrane-firebase-centaurus-quantumfoam (npm)
The package membrane-firebase-centaurus-quantumfoam was found to contain malicious code...
Malicious code in pino-firebase-indus-kronos (npm)
The package pino-firebase-indus-kronos was found to contain malicious code...
MAL-2025-45559 Malicious code in pino-firebase-indus-kronos (npm)
The package pino-firebase-indus-kronos was found to contain malicious code...
MAL-2025-45169 Malicious code in membrane-firebase-centaurus-quantumfoam (npm)
The package membrane-firebase-centaurus-quantumfoam was found to contain malicious code...
Malicious code in kronos-hexo-nodemon-firebase (npm)
The package kronos-hexo-nodemon-firebase was found to contain malicious code...
CVE-2025-55306
GenXFX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources Google Cloud...
CVE-2025-55306 GenX_FX authentication bypass in JWT validation
GenXFX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources Google Cloud...
CVE-2025-55306
GenX_FX backend vulnerability: environment-variable misconfiguration can expose API keys and authentication tokens, enabling unauthorized access to cloud resources (Google Cloud, Firebase, GitHub, etc.). Impact is high (credential exposure with potential full resource access) as reported across m...
CVE-2025-55306 GenX_FX authentication bypass in JWT validation
GenXFX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources Google Cloud...
PT-2025-33843 · Microsoft +2 · Github +3
Name of the Vulnerable Software and Affected Versions: GenX FX affected versions not specified Description: GenX FX is an IA trading platform focused on forex trading. A flaw in the backend may expose API keys and authentication tokens if environment variables are misconfigured. This could allow...
CVE-2025-8342
The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwpajaxregister function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to...
CVE-2025-8342
The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwpajaxregister function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to...
CVE-2025-8342 WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass
The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwpajaxregister function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to...