
65783 matches found

Github Security Blog
added 2026/02/04 6:41 p.m., 4 views

Alist has Insecure TLS Config

Summary: The application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This enables the complete decryption, theft, and manipulation of all data transmitted during storage operations,...

CVSS 9.1, AI score 5.4, EPSS 0.00014
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2026/02/04 1:20 p.m., 3 views

CVE-2025-58381

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait” to modify the path variables and move upwards in the directory structure or to traverse to different directories...

CVSS 4.6, AI score 5.5, EPSS 0.00006
Exploits: 0, References: 1

Patchstack
added 2026/02/04 11:52 a.m., 6 views

WordPress MyRewards plugin <= 5.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tharadol Suksamran (d3kc4rt1) in WordPress Plugin MyRewards versions <= 5.6.1...

CVSS 6.5, AI score 5.4, EPSS 0.00014
Exploits: 2, References: 1, Affected Software: 1

NVD
added 2026/02/04 9:15 a.m., 4 views

CVE-2025-15507

The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to modify the plugin's...

CVSS 5.3, EPSS 0.00039
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/04 8:25 a.m., 5 views

CVE-2026-0572

The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurifysaveoptions' function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to change plugin settin...

CVSS 6.5, AI score 5.4, EPSS 0.00058
Exploits: 0, References: 3

Cvelist
added 2026/02/04 8:25 a.m., 26 views

CVE-2025-15507 Magic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status Modification

The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to modify the plugin's...

CVSS 5.3, EPSS 0.00039
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/04 8:25 a.m., 3 views

CVE-2025-15507

The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to modify the plugin's...

CVSS 5.3, AI score 5.5, EPSS 0.00039
Exploits: 0, References: 3

EUVD
added 2026/02/04 8:25 a.m., 3 views

EUVD-2025-206794

The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to modify the plugin's...

CVSS 5.3, AI score 5.5, EPSS 0.00039
Exploits: 0, References: 2

Cvelist
added 2026/02/04 8:25 a.m., 25 views

CVE-2025-15285 SEO Flow by LupsOnline <= 2.2.1 - Unauthenticated Arbitrary Post/Category Modification

The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication and checkCategoryAuthentication functions in all versions up to, and including, 2.2.1. These authorization functions only implement...

CVSS 7.5, EPSS 0.00092
Exploits: 0, References: 3

Vulnrichment
added 2026/02/04 8:25 a.m., 1 view

CVE-2025-15285 SEO Flow by LupsOnline <= 2.2.1 - Unauthenticated Arbitrary Post/Category Modification

The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication and checkCategoryAuthentication functions in all versions up to, and including, 2.2.1. These authorization functions only implement...

CVSS 7.5, AI score 5.4, EPSS 0.00092
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/04 8:25 a.m., 3 views

CVE-2025-15285

The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication and checkCategoryAuthentication functions in all versions up to, and including, 2.2.1. These authorization functions only implement...

CVSS 7.5, AI score 5.4, EPSS 0.00092
Exploits: 0, References: 3

CVE
added 2026/02/04 8:25 a.m., 12 views

CVE-2025-15285

CVE-2025-15285 concerns the WordPress plugin SEO Flow by LupsOnline (versions

CVSS 7.5, AI score 5.4, EPSS 0.00092
Exploits: 0, References: 3

Vulnrichment
added 2026/02/04 8:25 a.m., 4 views

CVE-2025-15260 MyRewards – Loyalty Points and Rewards for WooCommerce <= 5.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule Modification

The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...

CVSS 6.5, AI score 5.9, EPSS 0.00014
Exploits: 2, References: 3

CVE
added 2026/02/04 8:25 a.m., 16 views

CVE-2025-15260

The CVE applies to the WordPress plugin “MyRewards – Loyalty Points and Rewards for WooCommerce.” Connected sources confirm: vulnerable in all versions up to 5.6.0 (and PwC+ sources indicate up to 5.6.0) where the plugin fails to verify user authorization in the ajax function. This permits authen...

CVSS 6.5, AI score 6, EPSS 0.00014
Exploits: 2, References: 3

Patchstack
added 2026/02/04 7:28 a.m., 5 views

WordPress SEO Flow by LupsOnline plugin <= 2.2.1 - Unauthenticated Arbitrary Post/Category Modification vulnerability

Unauthenticated Arbitrary Post/Category Modification vulnerability discovered by Tarcísio Luchesi De Almeida Silva (Poystick) in WordPress Plugin SEO Flow by LupsOnline versions <= 2.2.1...

CVSS 7.5, AI score 5.3, EPSS 0.00092
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/02/04 12:0 a.m., 3 views

PT-2026-6011

Name of the Vulnerable Software and Affected Versions: WebPurify Profanity Filter versions up to and including 4.0.2. Description: The WebPurify Profanity Filter plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check on the webpurify...

CVSS 6.5, AI score 5.4, EPSS 0.00058
Exploits: 0, References: 4

Tenable Nessus
added 2026/02/04 12:0 a.m., 22 views

Oracle Enterprise Manager Cloud Control (January 2026 CPU)

The 13.5 and 24.1 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Agent...

CVSS 7.2, AI score 6.8, EPSS 0.00554
Exploits: 0, References: 4

Positive Technologies
added 2026/02/04 12:0 a.m., 3 views

PT-2026-5885

Name of the Vulnerable Software and Affected Versions: SEO Flow versions prior to 2.2.2. Description: The SEO Flow plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check within the checkBlogAuthentication and checkCategoryAuthentication functions...

CVSS 7.5, AI score 5.5, EPSS 0.00092
Exploits: 0, References: 7

CNVD
added 2026/02/04 12:0 a.m., 2 views

WordPress Plugin Simple User Registration Access Control Error Vulnerability

WordPress is a blogging platform developed in the PHP language; it can be used to set up a personal blog site on a server running PHP and MySQL. A WordPress plugin is an application plugin. An access control error vulnerability exists in the WordPress plugin Simple User...

CVSS 8.8, AI score 5.5, EPSS 0.00079
Exploits: 0, References: 1

Positive Technologies
added 2026/02/04 12:0 a.m., 2 views

PT-2026-6262

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.10; n8n versions prior to 2.5.0. Description: n8n, an open source workflow automation platform, contains a flaw in the Git node. This allows authenticated users with create or modify permissions for workflows to execut...

CVSS 9.9, AI score 6, EPSS 0.00031
Exploits: 0, References: 15