4319 matches found
CVE-2024-1083
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content...
CVE-2024-27085
Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. User...
CVE-2024-24702
Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict. This issue affects Page Restrict: from n/a through 2.5.5...
CVE-2023-47518
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2.6.4 versions...
CVE-2023-41861
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions...
PT-2025-22957 · D Link · D-Link Di-8100
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 versions up to 20250523
Description: A critical issue was found in the D-Link DI-8100, affecting the httpd get parm function of the /login.cgi file in the jhttpd component. The manipulation of the notify argument leads to a...
PT-2025-22329
Name of the Vulnerable Software and Affected Versions: Proget MDM versions prior to 2.17.5
Description: A low-privileged user can obtain information about tasks executed on devices controlled by Proget MDM, as well as details of the devices like their UUIDs. To perform the attack, an attacker needs...
PT-2025-22335 · WordPress · Splitit
Name of the Vulnerable Software and Affected Versions: Splitit plugin for WordPress versions up to, and including, 4.2.8
Description: The issue allows authenticated attackers with Subscriber-level access and above to modify plugin settings due to missing capability checks on several functions in...
PT-2025-22123 · WordPress · Order Delivery Date
Name of the Vulnerable Software and Affected Versions: Order Delivery Date WordPress plugin versions prior to 12.4.0
Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape a parameter before outputting it...
PT-2025-21859 · Code Projects · Code-Projects Police Station Management System
Name of the Vulnerable Software and Affected Versions: code-projects Police Station Management System version 1.0
Description: A critical issue was found in the function criminal::display of the file source.cpp of the component Display Record. The manipulation of the argument N leads to buffer...
CVE-2025-47701
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross-Site Request Forgery. This issue affects Restrict route by IP: from 0.0.0 before 1.3.0...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the ExperimentalSettings function. An attacker can exploit this issue by accessing unauthorized settings through the System Console. Note: This is only exploitable if the RestrictSystemAdmin setting is true,...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from not checking the RestrictSystemAdmin setting, which can be exploited by an attacker to cause a system administrator to access...
CVE-2025-47701
CVE-2025-47701 — Drupal Restrictions module CSRF risk
Root cause: A Cross-Site Request Forgery (CSRF) vulnerability in the Drupal Restrict route by IP module arises from insufficient protection for certain routes, enabling unauthorized actions. The issue affects Restrict route by IP versions 0.0....
CVE-2025-47701 Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross-Site Request Forgery. This issue affects Restrict route by IP: from 0.0.0 before 1.3.0...
PT-2025-21189 · Unknown · Restrict Route By Ip
Name of the Vulnerable Software and Affected Versions: Restrict route by IP versions 0.0.0 through 1.2.x (version 1.3.0 is not affected)
Description: A Cross-Site Request Forgery (CSRF) issue affects the...