266 matches found
PT-2025-48650
Name of the Vulnerable Software and Affected Versions Beaver Builder – WordPress Page Builder plugin versions prior to 2.9.4 Description The Beaver Builder – WordPress Page Builder plugin for WordPress is susceptible to a missing authorization issue. Insufficient capability checks within the REST...
CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution
At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the Identity Manager product of Oracle Fusion Middleware versions 12.2.1.4.0 and 14.1.2.1.0. Multiple threat actors a...
CVE-2025-12535
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...
CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...
CVE-2025-27368
IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond...
CVE-2025-27368
IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond...
Security Bulletin: IBM OpenPages Vulnerable to Information Disclosure (CVE-2025-27368)
Summary Application API vulnerability that exposes metadata for configurable fields due to insufficient access control checks in IBM OpenPages has been addressed. Vulnerability Details CVEID:CVE-2025-27368 DESCRIPTION: IBM OpenPages is vulnerable to information disclosure of sensitive information...
CVE-2025-11894
The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...
CVE-2025-11372
CVE-2025-11372 affects the LearnPress – WordPress LMS Plugin (WordPress) up to and including version 4.2.9.3. The root cause is missing capability checks on Admin Tools REST endpoints, with permission_callback set to __return_true, enabling unauthenticated attackers to perform destructive databas...
EUVD-2020-29868
Malware in sbrugna...
EUVD-2016-7002
Malware in sbrugna...
EUVD-2019-9390
Malware in sbrugna...
EUVD-2016-0408
Malware in sbrugna...
EUVD-2019-16196
Malware in sbrugna...
EUVD-2021-10133
Malware in sbrugna...
EUVD-2018-11902
Malware in sbrugna...
EUVD-2016-0355
Malware in sbrugna...
EUVD-2022-34797
Malicious code in bioql PyPI...
EUVD-2025-20685
Malicious code in bioql PyPI...
EUVD-2024-54330
Malicious code in bioql PyPI...