248 matches found
PT-2025-44305
Name of the Vulnerable Software and Affected Versions ThreatFire System Monitor version 4.7.0.53 Description A flaw exists in the kernel driver of ThreatFire System Monitor that allows for privilege escalation and arbitrary command execution. This is due to insecure access control through an...
CVE-2025-59460
Technical details about CVE-2025-59460 are not publicly available in the provided documents. Monitor for updates.
WordPress plugin Flights Hotels Booking 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-49899
Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through = 4.0.15...
CVE-2025-62244
CVE-2025-62244 (Liferay Publications IDOR) affects Liferay Portal 7.3.1–7.4.3.111 and Liferay DXP 2023.Q4.0–2023.Q4.5, 2023.Q3.1–2023.Q3.8, plus 7.4 GA up to update 92 and 7.3 GA up to update 36. An insecure direct object reference via the parameter _com_liferay_change_tracking_web_portlet_Public...
EUVD-2018-11264
Malware in sbrugna...
EUVD-2019-4857
Malware in sbrugna...
EUVD-2002-0066
Malware in sbrugna...
EUVD-2018-21447
Malware in sbrugna...
EUVD-2018-9208
Malware in sbrugna...
EUVD-2022-53488
Malicious code in bioql PyPI...
EUVD-2024-26815
Malicious code in bioql PyPI...
EUVD-2023-42712
Malicious code in bioql PyPI...
EUVD-2025-20000
Malicious code in bioql PyPI...
CVE-2025-59562
CVE-2025-59562 concerns the Academy LMS WordPress plugin. The issue is described as an Insecure Direct Object Reference / Missing Authorization (Authorization Bypass Through User-Controlled Key) that affects Academy LMS versions up to 3.3.4. Patch status in the CVE entry shows a fix, with the aff...
jinjava has Sandbox Bypass via JavaType-Based Deserialization
Summary jinjava’s current sandbox restrictions prevent direct access to dangerous methods such as getClass, and block instantiation of Class objects. However, these protections can be bypassed. By using mapper.getTypeFactory.constructFromCanonical, it is possible to instruct the underlying...
CVE-2025-56254
PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference IDOR vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users...
CVE-2025-0670 IDOR in Akinsoft's ProKuafor
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure. This issue affects ProKuafor: from s1.02.07 before v1.02.08...
PT-2025-33203 · Syedamirhussain91 · Db Backup
Name of the Vulnerable Software and Affected Versions: syedamirhussain91 DB Backup versions through 6.0 Description: A missing authorization flaw in syedamirhussain91 DB Backup allows exploitation due to incorrectly configured access control security levels. Recommendations: Update to a version...
CVE-2025-49154
An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an...