40352 matches found
CVE-2025-12696
The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them...
PT-2025-51149
The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them...
CVE-2025-43517
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data...
CVE-2025-43509
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data...
Cross-site Request Forgery
Jenkins Nexus Task Runner Plugin is vulnerable to a Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protection on sensitive plugin endpoints, where crafted requests can trigger actions without user interaction, allowing attackers to force an authenticated Jenkins user to...
Password Enumeration
Liferay Portal is vulnerable to password enumeration. The vulnerability is due to insufficient protection against brute-force attempts, which allows an attacker to systematically guess and determine a user’s password even when account lockout mechanisms are enabled...
CVE-2025-11707 Login Lockdown & Protection <= 2.14 - IP Block Bypass
The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblockkey key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys...
CVE-2025-11707
CVE-2025-11707 – Login Lockdown & Protection (WordPress) : A vulnerability in all versions up to and including 2.14 allows unauthenticated attackers who have access to an admin email to generate valid unblock keys for their IP, bypassing IP blocks after failed logins due to insufficient randomnes...
CVE-2025-11707 Login Lockdown & Protection <= 2.14 - IP Block Bypass
The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblockkey key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys...
WordPress plugin Login Lockdown & Protection 安全特征问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security feature issue...
crossbow-agent
🤖 crossbow-agent - The Smart Way to Secure Your System 🚀 G...
CVE-2025-43509
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data...
CVE-2025-43509
This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access sensitive user data...
CVE-2025-43461
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data...
CVE-2025-43509
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data...
CVE-2025-43509
This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access sensitive user data...
EUVD-2025-203159
This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access sensitive user data...
CVE-2025-43381
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the EOTS manager endpoints when these endpoints are accessible to the public without HMAC protection. An attacker can trigger unauthorized actions by sending crafted requests to the exposed RPC endpoints...
GHSA-4JMP-X7MH-RGMR Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration
Summary The anti-slashing is not effective if the attacker can access EOTS manager endpoints. Impact If the EOTS manager endpoints are open to public without HMAC protection, the attacker can manually cause slashing of the finality provider through the RPC endpoints. Report credits go to:...