
128 matches found

Positive Technologies
added 2026/05/11 12:0 a.m. | 4 views

PT-2026-39584

Name of the Vulnerable Software and Affected Versions: WSO2 APIM versions 3.x. Description: The software fails to enforce role-based access controls for certain Gateway API and Internal Service API invocations. Users assigned the 'Internal/Everyone' role can invoke these APIs, bypassing intended...

CVSS 8.8 | AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 7

Github Security Blog
added 2026/03/11 6:30 p.m. | 1 view

Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API

A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered...

CVSS 4.2 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 8 | Affected Software: 1

CNNVD
added 2026/03/06 12:0 a.m. | 3 views

Chamilo cross-site request forgery vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the lack of anti-CSRF protection during sensitive operations such as project deletion, which could...

CVSS 8.1 | AI score 5.7 | EPSS 0.00007
Exploits: 0 | References: 2

CNNVD
added 2026/03/02 12:0 a.m. | 2 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from improper access control in the Account REST API. This vulnerability may allow users with low security levels to perform sensitive operations, potential...

CVSS 4.2 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 1

Packet Storm News
added 2026/02/10 12:0 a.m. | 2 views

When Skills Lie: Hidden-Comment Injection in LLM Agents

LLM agents often rely on Skills to describe available tools and recommended procedures. We study a hidden-comment prompt injection risk in this documentation layer: when a Markdown Skill is rendered to HTML, HTML comment blocks can become invisible to human reviewers, yet the raw text may still b...

AI score 5.5
Exploits: 0

CNNVD
added 2025/12/16 12:0 a.m. | 1 view

WordPress plugin Freshchat security vulnerability

WordPress Freshchat plugin is a tool for integrating live chat functionality on WordPress websites, mainly providing customer support and user interaction features. The WordPress Freshchat plugin suffers from a cross-site request forgery vulnerability that originates from a web application that...

CVSS 4.3 | AI score 6.7 | EPSS 0.00015
Exploits: 0 | References: 1

CNNVD
added 2025/12/09 12:0 a.m. | 2 views

WordPress plugin Auto Alt Text cross-site request forgery vulnerability

WordPress Auto Alt Text plugin is a tool that uses artificial intelligence technology to automatically generate alternative text (alt text) for website images. The WordPress Auto Alt Text plugin suffers from a cross-site request forgery vulnerability, which arises from a web application that does no...

CVSS 4.3 | AI score 6.7 | EPSS 0.00015
Exploits: 0 | References: 1

CNNVD
added 2025/11/28 12:0 a.m. | 3 views

WordPress plugin Nextend Social Login and Register cross-site request forgery vulnerability

WordPress Nextend Social Login and Register plugin is a free WordPress plugin designed to simplify the registration and login process for website users. A cross-site request forgery vulnerability exists in the WordPress Nextend Social Login and Register plugin, which arises from a web application...

CVSS 4.3 | AI score 6.7 | EPSS 0.00011
Exploits: 0 | References: 4

CNNVD
added 2025/11/21 12:0 a.m. | 1 view

WordPress plugin Custom Post Type cross-site request forgery vulnerability

WordPress Custom Post Type plugin is a collective term for a class of plugins that are designed to help users easily create and manage custom post types through a graphical interface. A cross-site request forgery vulnerability exists in the WordPress Custom Post Type plugin, which arises from a w...

CVSS 4.3 | AI score 6.7 | EPSS 0.00013
Exploits: 0 | References: 3

CNVD
added 2025/11/18 12:0 a.m. | 3 views

WordPress WP Manager plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress WP Manager plugin, which arises from a web application that does not adequately validate that a request is...

CVSS 6.5 | AI score 6.8 | EPSS 0.00014
Exploits: 0 | References: 1

CNVD
added 2025/11/11 12:0 a.m. | 1 view

WordPress Easy Email Subscription plugin Cross-Site Request Forgery Vulnerability

WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. The WordPress Easy Email Subscription plugin suffers from a cross-site request forgery vulnerability that originates from a web application that does not adequately validate...

CVSS 4.3 | AI score 6.5 | EPSS 0.00014
Exploits: 0 | References: 1

CNVD
added 2025/11/05 12:0 a.m. | 2 views

WordPress Bard plugin cross-site request forgery vulnerability

WordPress Bard plugin is a tool used to stop chatbots such as Bard from crawling the content of your website, which is achieved by modifying the virtual robots.txt file. The WordPress Bard plugin suffers from a cross-site request forgery vulnerability that originates when a web application does n...

CVSS 5.4 | AI score 6.7 | EPSS 0.00017
Exploits: 0 | References: 1

CNNVD
added 2025/10/31 12:0 a.m. | 1 view

WordPress plugin Depicter cross-site request forgery vulnerability

WordPress Depicter plugin is a slider, popup and rotator image creation tool designed for WordPress, offering a no-code interface and rich customization features. The WordPress Depicter plugin suffers from a cross-site request forgery vulnerability, which originates from a web application that do...

CVSS 4.3 | AI score 6.5 | EPSS 0.00017
Exploits: 0 | References: 5

CNNVD
added 2025/10/16 12:0 a.m. | 3 views

WordPress plugin Ally cross-site request forgery vulnerability

WordPress Ally plugin is a free and open source WordPress plugin, mainly used to improve website accessibility and to help users simplify the website accessibility process. A stack buffer overflow vulnerability exists in the WordPress Ally plugin, which originates from the...

CVSS 4.3 | AI score 7.1 | EPSS 0.00019
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-13566

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00209
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-0199

Malware in sbrugna...

CVSS 4 | AI score 6.2 | EPSS 0.00243
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-26904

Malware in sbrugna...

CVSS 7.4 | AI score 7.4 | EPSS 0.00151
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-14500

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00102
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-1364

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7.3 | EPSS 0.00029
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-6943

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.8 | EPSS 0.00087
Exploits: 1 | References: 3