CVE-2025-65995

Airflow CVE-2025-65995 affects the UI error-reporting path: if a DAG fails during parsing, full operator kwargs (potentially containing secrets) could be exposed in tracebacks to users with DAG viewing permissions. Affected products are Apache Airflow; root cause is leakage of sensitive values vi...

WordPress Wp Social Login and Register Social Counter plugin <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering vulnerability

Missing Authorization in Cache REST Endpoints to Social Counter Tampering vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Wp Social versions = 3.1.3...

CVE-2024-34064

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wise Chat Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32504 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14930cd15ca4 Credits Justiice Required privile...