Lucene search

6426 matches found

Vulnrichment
added 2025/12/09 2:14 p.m., 4 views

CVE-2025-67594 WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through <= 1.3.3...

CVSS: 4.3, AI score: 6.6, EPSS: 0.0017
Exploits: 0, References: 1

Cvelist
added 2025/12/09 2:14 p.m., 22 views

CVE-2025-67594 WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through <= 1.3.3...

CVSS: 4.3, EPSS: 0.0017
Exploits: 0, References: 1

EUVD
added 2025/12/09 2:14 p.m., 5 views

EUVD-2025-202059

Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through <= 1.3.3...

CVSS: 4.3, AI score: 6.5, EPSS: 0.0017
Exploits: 0, References: 2

CVE
added 2025/12/09 10:44 a.m., 15 views

CVE-2025-40801

The CVE-2025-40801 family describes a vulnerability where the SALT (Siemens Advanced Licensing Toolkit) SDK omits server certificate validation when establishing TLS connections to the authorization server. This allows potential man-in-the-middle attacks affecting Siemens products such as COMOS, ...

CVSS: 9.2, AI score: 7.2, EPSS: 0.0023
Exploits: 0, References: 2

CNNVD
added 2025/12/09 12:00 a.m., 2 views

WordPress plugin Thim Elementor Kit security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS: 4.3, AI score: 6.6, EPSS: 0.0017
Exploits: 0, References: 1

Positive Technologies
added 2025/12/09 12:00 a.m., 5 views

PT-2025-50132

Name of the Vulnerable Software and Affected Versions: DNG SDK versions 1.7.0 and earlier. Description: The DNG SDK is affected by a Heap-based Buffer Overflow that may result in memory exposure or application denial of service. An attacker could exploit this issue to disclose sensitive memory...

CVSS: 7.1, AI score: 6.4, EPSS: 0.00165
Exploits: 2, References: 7

Positive Technologies
added 2025/12/09 12:00 a.m., 3 views

PT-2025-50131

Name of the Vulnerable Software and Affected Versions: DNG SDK versions 1.7.0 and earlier. Description: The DNG SDK is affected by an Integer Overflow or Wraparound issue. Successful exploitation could lead to arbitrary code execution with the privileges of the current user. User interaction is...

CVSS: 7.8, AI score: 7.4, EPSS: 0.00172
Exploits: 4, References: 7

Positive Technologies
added 2025/12/09 12:00 a.m., 5 views

PT-2025-49968

Name of the Vulnerable Software and Affected Versions: ThimPress Thim Elementor Kit versions through 1.3.3. Description: An authorization bypass exists due to incorrectly configured access control security levels in ThimPress Thim Elementor Kit. This allows exploitation through user-controlled keys...

CVSS: 4.3, AI score: 6.6, EPSS: 0.0017
Exploits: 0, References: 4

CNNVD
added 2025/12/09 12:00 a.m., 3 views

Adobe DNG SDK buffer error vulnerability

Adobe DNG Software Development Kit (SDK) is a software development kit from the American company Adobe. The Adobe DNG Software Development Kit (SDK) contains an out-of-bounds read vulnerability that can be exploited by attackers to obtain sensitive information or cause a denial of service...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00147
Exploits: 5, References: 1

HackRead
added 2025/12/08 11:15 a.m., 6 views

Over 70 Domains Used in Months-Long Phishing Spree Against US Universities

Infoblox Threat Intel reports a campaign that used the Evilginx phishing kit to bypass Multi-Factor Authentication (MFA) and steal credentials from 18 US universities between April and November 2025...

AI score: 7
Exploits: 0

Patchstack
added 2025/12/06 11:48 p.m., 6 views

WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Mdr in WordPress Plugin Thim Elementor Kit versions <= 1.3.3...

CVSS: 4.3, AI score: 7, EPSS: 0.0017
Exploits: 0, Affected Software: 1

EUVD
added 2025/12/06 12:31 a.m., 5 views

EUVD-2025-201493

A vulnerability exists in Google Apigee's JavaCallout policy (https://docs.apigee.com/api-platform/reference/policies/java-callout-policy) that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute...

CVSS: 8.7, AI score: 7.6, EPSS: 0.00387
Exploits: 0, References: 2

CVE
added 2025/12/04 8:38 p.m., 15 views

CVE-2025-27935

The CVE-2025-27935 issue concerns the OTP Integration Kit for PingFederate. According to connected sources, it fails to enforce HTTP method validation and state validation, allowing the server to advance authentication without verifying the OTP and effectively bypassing multi-factor authenticatio...

CVSS: 8.6, AI score: 6.7, EPSS: 0.00367
Exploits: 0, References: 2

Vulnrichment
added 2025/12/04 8:38 p.m., 11 views

CVE-2025-27935 Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...

CVSS: 8.6, AI score: 6.7, EPSS: 0.00367
Exploits: 0, References: 2

RedhatCVE
added 2025/12/04 3:36 p.m., 10 views

CVE-2025-13390

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token...

CVSS: 10, AI score: 6.5, EPSS: 0.0472
Exploits: 3, References: 1

OSV
added 2025/12/04 10:08 a.m., 7 views

RHSA-2025:22672 Red Hat Security Advisory: java-21-ibm-semeru-certified-jdk security update

Bulletin has no description...

CVSS: 5.9, AI score: 6.9, EPSS: 0.00633
Exploits: 0, References: 12

Tenable Nessus
added 2025/12/04 12:00 a.m., 8 views

RHEL 10 : java-21-ibm-semeru-certified-jdk (RHSA-2025:22672)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22672 advisory. The IBM Semeru Runtime Certified Edition 21 runtime environment. Security Fixes: openjdk: Enhance Path Factories Oracle CPU 2025-10...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00633
Exploits: 0, References: 7

NVD
added 2025/12/03 2:15 p.m., 11 views

CVE-2025-13390

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token...

CVSS: 10, EPSS: 0.0472
Exploits: 3, References: 4

CVE
added 2025/12/03 1:52 p.m., 36 views

CVE-2025-13390

CVE-2025-13390 affects the WordPress plugin WP Directory Kit, versions up to 1.4.4. The flaw is an authentication bypass caused by a weak token generation in the wdk_generate_auto_login_link function, making tokens predictable and allowing unauthenticated attackers to gain administrative access a...

CVSS: 10, AI score: 6.1, EPSS: 0.0472
In wild, Exploits: 3, References: 4, Affected Software: 1

EUVD
added 2025/12/03 1:52 p.m., 11 views

EUVD-2025-200972

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token...

CVSS: 10, AI score: 6, EPSS: 0.0472
Exploits: 3, References: 6