CVE-2025-14442 Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for...
CVE-2025-58130 Apache Fineract: Server Key not masked
Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...
EUVD-2024-55322
Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file...
WordPress Secure Copy Content Protection and Content Locking plugin <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File vulnerability
Unauthenticated Sensitive Information Exposure via Exposed CSV Export File vulnerability discovered by Deadbee - NA in WordPress Plugin Secure Copy Content Protection and Content Locking versions <= 4.9.2...
Apple macOS Sequoia Security Vulnerability
Apple macOS Sequoia is an operating system from Apple USA. A security vulnerability exists in Apple macOS Sequoia prior to version 15.7.3, which originates from an application that may bypass startup constraint protection and execute malicious code with elevated privileges...
WordPress plugin Secure Copy Content Protection and Content Locking Cross-Site Request Forgery Vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...
Zoom Rooms < 6.6.0 Vulnerability (ZSB-25050)
The version of Zoom Rooms installed on the remote host is prior to 6.6.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-25050 advisory. - Software downgrade protection failure allows unauthenticated privilege escalation via local access. CVE-2025-67460...
WordPress Plugin Portfolio and Projects Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Portfolio and Projects,...
PT-2025-51017
CVE-2025-43523 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3. An app may be able to access sensitive user data. https://t.co/gGS83lscq6...
PT-2025-51005
CVE-2025-43509 This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access sensitive user … https://t.co/68matrJhFp...
Apache Fineract Security Vulnerability
Apache Fineract is an open source digital financial services platform from the U.S.-based Apache Foundation. The platform can provide users with data management, loan and savings portfolio management, real-time financial data and other functions. Apache Fineract suffers from an...
Apple macOS Security Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma prior to 14.8.3 and Sequoia prior to 15.7.3, which stems from insufficient data protection and could result in access to...
PT-2025-50925
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ays sccp results export file' AJAX action. This makes it possible for unauthenticate...
PT-2025-50926
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for...
WordPress plugin Secure Copy Content Protection and Content Locking Security Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based...
Oracle Linux 9 : edk2 (ELSA-2025-28047)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28047 advisory. - EDK2: EDK2 contains a vulnerability in BIOS where an attacker may cause 'Protection Mechanism Failure' by local access Orabug: 38381983 CVE-2025-377...
CVE-2025-67646
TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...
CVE-2024-58288 Genexus Protection Server 9.7.2.10 Unquoted Service Path Privilege Escalation
Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file...
CVE-2024-58288
Genexus Protection Server 9.7.2.10 has an unquoted service path in the protsrvservice Windows service configuration. Exploitation allows arbitrary code execution with LocalSystem privileges by placing malicious executables in specific file system locations. Remediation: quote the service path in ...