364 matches found
PT-2026-1572
Name of the Vulnerable Software and Affected Versions: Bit Form – Contact Form Plugin versions prior to 2.21.7. Description: The Bit Form – Contact Form Plugin for WordPress has a flaw allowing unauthorized workflow execution. The triggerWorkFlow function lacks proper authorization, specifically in...
WordPress Popup - MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Unauthenticated SQL Injection vulnerability
WordPress Popup - MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Unauthenticated SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions <= 3.2.6...
SUSE CVE-2017-18870
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case...
Information Leakage in Grafana Alerting
In Grafana’s alerting system, users with edit permissions for a contact point (specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test”, which are granted as part of the fixed role “Contact Point Writer”, itself part of the basic role Editor) can edit...
Malicious code in serval-integrations-common-frontend (npm)
Source: amazon-inspector 034a79cdc705d00ab7fb639f1d90c46135f42d8f6cf57eef63bf822adbffac48 The package serval-integrations-common-frontend was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-202356
Malicious code in serval-integrations-common-frontend npm...
MAL-2025-192401 Malicious code in serval-integrations-common-frontend (npm)
Source: amazon-inspector 034a79cdc705d00ab7fb639f1d90c46135f42d8f6cf57eef63bf822adbffac48 The package serval-integrations-common-frontend was found to contain malicious code. Source: ghsa-malware...
CVE-2025-13428
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
Gainsight Expands Impacted Customer List Following Salesforce Security Alert
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21, 2025. It did not...
AI-Powered Wiz: From Agents to Everyday Intelligence
How Wiz AI Agents and Integrations Meet You Where You Work...
CVE-2025-11493
The CVE-2025-11493 entry concerns the ConnectWise Automate Agent. The connected sources describe that the agent does not fully verify the authenticity of files downloaded from the server (updates, dependencies, and integrations), creating a risk of a man-in-the-middle substitution of legitimate f...
CVE-2025-11439
A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The pat...
CVE-2025-11439 JhumanJ OpnForm integrations authorization
A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The pat...
CVE-2025-11439
CVE-2025-11439 targets JhumanJ OpnForm before or up to 1.9.3. Affected component is the file handling path /show/integrations, where manipulation can bypass authorization, enabling remote exploitation. Public exploit appears available. The known fix/patch is identified as 11d97d78f2de2cb49f79baed...
PT-2025-41234
Name of the Vulnerable Software and Affected Versions: JhumanJ OpnForm versions up to 1.9.3. Description: A flaw exists in the processing of the /show/integrations file within JhumanJ OpnForm. Manipulation of this file can lead to missing authorization checks, potentially allowing for remote...
OpnForm Security Vulnerability
OpnForm is a form builder by Julien Nahum, an individual developer. A security vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from a lack of authorization in the file /show/integrations and could lead to unauthorized access...
EUVD-2020-28347
Malware in sbrugna...