70 matches found
CVE-2025-14799 Brevo - Email, SMS, Web Push, Chat, and more. <= 3.3.0 - Unauthenticated Authorization Bypass via Type Juggling
The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison == instead of strict comparison === when validating the installation ID in the...
CVE-2026-1938 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...
CVE-2026-1938
The YayMail – WooCommerce Email Customizer for WordPress is affected by CVE-2026-1938: versions up to 4.3.2 expose the REST endpoint /yaymail-license/v1/license/delete without proper authorization, enabling authenticated attackers (Shop Manager level and higher) to delete the plugin license key i...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability
Missing Authorization to Authenticated Shop Manager+ License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...
MiracleLinux 8 : cloud-init-19.4-1.el8.7 (AXSA:2020-635:05)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-635:05 advisory. cloud-init: default configuration disabled deletion of SSH host keys CVE-2018-10896 The default cloud-init configuration, in cloud-init 0.6.2 and newer,...
PT-2026-1589
Name of the Vulnerable Software and Affected Versions Moosend Landing Pages plugin for WordPress versions through 1.1.6 Description The Moosend Landing Pages plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the moosend...
CVE-2025-12113 Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion
The Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the atgaideleteapikey function in all versions up to, and including, 1.8.3. This makes it possible for authenticated...
CVE-2025-12113 Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion
The Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the atgaideleteapikey function in all versions up to, and including, 1.8.3. This makes it possible for authenticated...
EUVD-2018-16649
Malware in sbrugna...
EUVD-2013-0217
Malware in sbrugna...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-411488)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-411488 advisory. In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154llseckeydel mac802154llseckeydel can free...
EUVD-2024-49341
Malicious code in bioql PyPI...
EUVD-2024-49735
Malicious code in bioql PyPI...
EUVD-2023-1815
Malicious code in bioql PyPI...
CVE-2024-8675
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettredisconnectgateway function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and...
PT-2025-6472 · Kaspersky · Kaspersky Security Cloud +11
Name of the Vulnerable Software and Affected Versions: Kaspersky Virus Removal Tool for Windows affected versions not specified Kaspersky Endpoint Security for Windows affected versions not specified Kaspersky Security for Virtualization Light Agent affected versions not specified Kaspersky...
kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del
A flaw was found in the Linux Kernel where resources are improperly managed in IEEE 802.15.4 networking, leading to a potential use-after-free issue, resulting in a denial of service...
Authentication Bypass
OctoPrint is vulnerable to an Authentication Bypass. The vulnerability is due to inadequate session handling in OctoPrint, which allows an attacker with temporary control over an authenticated session to access or delete the API key without requiring reauthentication...
CVE-2024-9109
The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteoauthdata function in all versions up to, and including, 2.3.11. This makes it possible for authenticated attackers,...
mac802154: fix llsec key resources release in mac802154_llsec_key_del
...