CVE-2026-41317 Frappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generation

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS.press.api.account.createapisecret is prone to CSRF-like exploits. This endpoint writes to database and it is also accessible via GET method. The patch in commit...

EUVD-2024-50782

Malicious code in bioql PyPI...

EUVD-2024-50593

Malicious code in bioql PyPI...

CVE-2025-1322 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Protected Post Disclosure

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...

WordPress plugin BuddyBuilder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Envo Extra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Cowidgets 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Restrict Posts based on Conditions – Conditional Post Restrictions Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Restrict Posts based on Conditions – Conditional Post Restrictions Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

Cross-Site Request Forgery (CSRF)

modoboa is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in domain.py and identity.py due to missing POST restrictions which allows an attacker to update admin accounts...

WordPress Restrict Posts based on Conditions – Conditional Post Restrictions plugin <= 1.1.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Restrict Posts based on Conditions – Conditional Post Restrictions plugin versions = 1.1.2. Solution Update the WordPress Restrict Posts based on Conditions – Conditional Post Restrictions plugin to the latest available versio...