383 matches found
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 9, 2026 to February 15, 2026)
Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026 , earn three stacked bonuses on all valid submissions from our ' High Threat Vulnerabilities' list: 2x all high threat vulnerability bounties excluding 5,000,000+ installs...
GHSA-5VVM-67PJ-72G4 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints
Summary Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions,...
PT-2026-21302
Name of the Vulnerable Software and Affected Versions Kargo versions 1.9.0 through 1.9.2 Description Kargo manages and automates the promotion of software artifacts. The authorization model includes a 'promote' verb intended to control access to promotion pipelines. While correctly enforced in th...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
Linux Distros Unpatched Vulnerability : CVE-2025-69871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
UBUNTU-CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
CVE-2025-69871
CVE-2025-69871 affects MedusaJS Medusa v2.12.2 and earlier. The race condition occurs in the registerUsage() function of the promotion module, where a non-atomic read–check–update enforces usage limits. This enables unauthenticated remote attackers to bypass promotion usage limits by sending conc...
PT-2026-7635
Name of the Vulnerable Software and Affected Versions MedusaJS versions prior to 2.12.2 Description A race condition exists in the registerUsage function within the promotion module. This function uses a non-atomic read-check-update process when managing promotion usage limits. This allows...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
Exploit for CVE-2025-69871
Ethan Public Disclosures Security vulnerability disclosures a...
Bithumb Mistakenly Sends 620,000 Bitcoin ($40B) to Customer Accounts
A system error at Bithumb sent 620,000 Bitcoin worth about $40B to hundreds of users during a promotion, briefly disrupting prices and drawing scrutiny...
CVE-2025-43904
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...
CVE-2025-43904
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...
CVE-2025-43904
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...
CVE-2023-40622
SAP BusinessObjects Business Intelligence Platform Promotion Management - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application...