22 matches found
CRLF Injection
Overview ebay-mcp is a local MCP (Model Context Protocol) server for eBay APIs that provides access to eBay developer functionality through MCP. Affected versions of this package are vulnerable to CRLF Injection via the updateEnvFile function of the ebaysetusertokens tool. An attacker can inject...
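To make the CRLF-injection class concrete, here is an added example (not code from ebay-mcp) of an env-file updater that interpolates a caller-supplied value verbatim, the CRLF payload that abuses it to smuggle a second KEY=VALUE line, and a hardened updater that rejects it. The .env grammar, the parser, the key names and the sample file are constructed assumptions for this example, not the project's own.

```javascript
// Added example, not code from ebay-mcp. The .env grammar and the parser below
// are simplified assumptions, not the project's real implementation.

// Minimal dotenv-style parser (constructed for this example): one KEY=VALUE per
// line, blank and '#' lines ignored, a later duplicate of a key wins.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return env;
}

function splitLines(text) {
  const lines = text.split('\n');
  if (lines.length && lines[lines.length - 1] === '') lines.pop(); // drop trailing newline
  return lines;
}

// Vulnerable updater: the value is written untouched, so a value that contains
// "\n" (or "\r\n") becomes an additional KEY=VALUE line in the file.
function updateEnvUnsafe(text, key, value) {
  const lines = splitLines(text);
  let replaced = false;
  const out = lines.map((l) => {
    if (l.startsWith(key + '=')) { replaced = true; return `${key}=${value}`; }
    return l;
  });
  if (!replaced) out.push(`${key}=${value}`);
  return out.join('\n') + '\n';
}

const KEY_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;
const CONTROL_RE = /[\x00-\x1f\x7f]/; // covers CR (0x0d), LF (0x0a) and other control bytes

// Hardened updater: well-formed keys only, and no control characters in the
// value, so the result is always exactly one line per key. Validation happens
// before the raw writer above is reused.
function updateEnvSafe(text, key, value) {
  if (!KEY_RE.test(key)) throw new Error(`invalid env key: ${JSON.stringify(key)}`);
  if (CONTROL_RE.test(value)) throw new Error(`control character in value for ${key}`);
  return updateEnvUnsafe(text, key, value);
}

// Constructed sample file and attacker-controlled value (assumed key names).
const ORIGINAL = 'EBAY_CLIENT_ID=app-123\nEBAY_REFRESH_TOKEN=old-token\n';
const PAYLOAD = 'new-token\nEBAY_CLIENT_ID=attacker-app';

// Runs both writers on the payload: the unsafe one lets the injected line
// override EBAY_CLIENT_ID on the next parse, the safe one refuses the value.
function demo() {
  const tampered = parseEnv(updateEnvUnsafe(ORIGINAL, 'EBAY_REFRESH_TOKEN', PAYLOAD));
  let blocked = false;
  try { updateEnvSafe(ORIGINAL, 'EBAY_REFRESH_TOKEN', PAYLOAD); } catch (e) { blocked = true; }
  return { clientIdAfterUnsafe: tampered.EBAY_CLIENT_ID, blocked };
}

module.exports = { parseEnv, updateEnvUnsafe, updateEnvSafe, demo, ORIGINAL, PAYLOAD };
```

The check worth remembering is the whole-value control-character test: stripping only `\n` is not enough, because `\r` alone is also a line terminator for some readers, and a parser that tolerates both will still split on the injected boundary.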
CVE-2025-12887 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update
The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handlegmailoauthredirect' function. This makes it possible for...
CVE-2025-9213
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...
EUVD-2025-32289
Malicious code in bioql PyPI...
EUVD-2024-47109
Malicious code in bioql PyPI...
CVE-2025-9213 TextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...
CVE-2025-9213
CVE-2025-9213 – TextBuilder (WordPress) CSRF to Privilege Escalation . TextBuilder plugin versions 1.0.0–1.1.1 are vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the handleToken function. An unauthenticated attacker could trick a site administrator into perf...
PT-2025-40492
Name of the Vulnerable Software and Affected Versions WordPress TextBuilder plugin versions 1.0.0 through 1.1.1 Description The software is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation. An unauthenticated attacker can update a user's authorization token b...
CVE-2024-5993
The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesession' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CLSA-2025-1746655592 grafana: Fix of CVE-2025-30204
CVE-2025-30204: update golang-jwt/jwt to v4.5.2 to prevent a vulnerability that could lead to excessive memory allocation when parsing untrusted JWT tokens using ParseUnverified...
WordPress plugin Cliengo - Chatbot security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin... WordPress plugin Cliengo ...
PT-2024-15513 · WordPress · Custom Twitter Feeds – A Tweets Widget/X Feed Widget
Name of the Vulnerable Software and Affected Versions: Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ctf auto sav...
Design/Logic Flaw
When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-22389 BIG-IP iControl REST API Vulnerability
When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-22389
CVE-2024-22389 affects BIG-IP in HA deployments where updating an iControl REST API token fails to sync to the peer, a control-plane issue impacting confidentiality, integrity, and availability (CVSS v3.1 base 7.2). Affected releases and fixes: BIG-IP (all modules) vulnerable in 17.1.0; fix intro...
F5 BIG-IP Security Vulnerabilities
F5 BIG-IP is an application delivery platform from F5 Corporation that integrates network traffic management, application security management, and load balancing. A security vulnerability exists in F5 BIG-IP that originates when the BIG-IP is deployed with High Availability (HA) and an iControl...
PT-2023-13734 · WordPress · Authenticator
Name of the Vulnerable Software and Affected Versions: Authenticator WordPress plugin versions prior to 1.3.1 Description: The issue arises from the plugin's failure to restrict subscribers from updating a site's feed access token. This could potentially deny other users access to certain...
CVE-2022-36106 Missing check for expiration time of password reset token in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even ...