6276 matches found
CVE-2025-15428

creationtimestamp | type | source
---|---|---
2026-01-02 06:00:26+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbg7qiihyt2p
2026-01-02 07:43:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbgfjlltmq2e
2026-01-02 18:53:57+00:00 | seen | ...

CVE-2025-14998

creationtimestamp | type | source
---|---|---
2026-01-02 03:43:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbfy42vpmw2u
2026-01-02 03:49:35+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbfygjrrqv2p
2026-01-02 07:47:35+00:00 | seen | ...

PT-2026-1107
Name of the Vulnerable Software and Affected Versions: code-projects Content Management System version 1.0

Description: A security issue exists in code-projects Content Management System. The manipulation of the image argument in a file, /admin/edit posts.php, allows for unrestricted file upload...
PT-2026-1117
Name of the Vulnerable Software and Affected Versions: Emlog version 2.5.23

Description: Emlog version 2.5.23’s article creation functionality is susceptible to cross-site request forgery (CSRF). This allows an attacker to force a user to post an article containing arbitrary content. When combined wi...
CVE-2025-68272

creationtimestamp | type | source
---|---|---
2026-01-01 17:57:40+00:00 | published-proof-of-concept | https://github.com/SignalK/signalk-server/security/advisories/GHSA-7rqc-ff8m-7j23
2026-01-01 18:22:04+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbeyppmdz32z
2026-01-01...

CVE-2025-66398

creationtimestamp | type | source
---|---|---
2026-01-01 17:54:57+00:00 | published-proof-of-concept | https://github.com/SignalK/signalk-server/security/advisories/GHSA-w3x5-7c4c-66p9
2026-01-01 18:21:57+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbeypj7h5c2p
2026-01-01...

CVE-2025-68620

creationtimestamp | type | source
---|---|---
2026-01-01 17:54:21+00:00 | published-proof-of-concept | https://github.com/SignalK/signalk-server/security/advisories/GHSA-fq56-hvg6-wvm5
2026-01-01 20:01:35+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbf6bouxuo2u
2026-01-01...

CVE-2025-14434
The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...
CVE-2025-49354
Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category recent-posts-from-each-category allows Stored XSS. This issue affects Recent Posts From Each Category: from n/a through <= 1.4...
WordPress User Submitted Posts plugin <= 20251121 - Open Redirection vulnerability
Open Redirection vulnerability discovered by benzdeus in WordPress Plugin User Submitted Posts versions <= 20251121...
CVE-2025-30628

creationtimestamp | type | source
---|---|---
2025-12-31 20:56:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbcqvtpyen2y
2025-12-31 21:00:48+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbcr4nd4cw2u
2026-01-02 08:03:39+00:00 | seen | ...

CVE-2025-14426
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...
CVE-2025-68996
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion. This issue affects Responsive Posts Carousel Pro: from n/a through <= 15...
EUVD-2025-205885
The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...
CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure
The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...
CVE-2025-14434
CVE-2025-14434 affects the WordPress plugin “Ultimate Post Kit Addons for Elementor” (versions prior to 4.0.16). The issue arises from multiple AJAX endpoints (e.g., loadmore posts) that do not verify whether targeted posts are published, enabling an unauthenticated attacker to query arbitrary po...
CVE-2025-49354
Technical details for CVE-2025-49354 are not provided in the supplied documents; no product, vendor, impact, or remediation specifics are disclosed here. Monitor for official updates.