36 matches found

EUVD
added 2026/01/28 11:23 a.m. · 2 views

EUVD-2026-4894

The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.00028
Exploits: 0 · References: 5

Cvelist
added 2026/01/28 11:23 a.m. · 26 views

CVE-2026-1398 Change WP URL <= 1.0 - Cross-Site Request Forgery to Settings Update

The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...

CVSS: 4.3 · EPSS: 0.00028
Exploits: 0 · References: 5

RedhatCVE
added 2026/01/24 3:17 p.m. · 3 views

CVE-2026-24578

Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin login URL Change: from n/a through <= 1.1.5...

CVSS: 4.3 · AI score: 5.4 · EPSS: 0.00048
Exploits: 0 · References: 1

CVE
added 2026/01/23 2:28 p.m. · 6 views

CVE-2026-24578

CVE-2026-24578 is a Missing Authorization (Broken Access Control) issue in the WordPress plugin Admin login URL Change. Affected versions 1.1.5 or apply vendor-provided fixes as they become available. Monitor advisories (e.g., Patchstack, CVE listings, PT Security writeups) for any updated impac...

CVSS: 4.3 · AI score: 5.4 · EPSS: 0.00048
Exploits: 0 · References: 1

Cvelist
added 2026/01/23 2:28 p.m. · 27 views

CVE-2026-24578 WordPress Admin login URL Change plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin login URL Change: from n/a through <= 1.1.5...

CVSS: 4.3 · EPSS: 0.00048
Exploits: 0 · References: 1

Tenable Nessus
added 2026/01/13 12:0 a.m. · 1 views

MiracleLinux 8 : firefox-128.8.0-1.el8_10.ML.1 (AXSA:2025-9730:07)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9730:07 advisory. firefox: Use-after-free in WebTransportChild CVE-2025-1931 firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.00487
Exploits: 1 · References: 10

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-16118

Malware in sbrugna...

CVSS: 5.3 · AI score: 5.6 · EPSS: 0.00206
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-24883

Malicious code in bioql PyPI...

CVSS: 4.3 · AI score: 4.9 · EPSS: 0.00103
Exploits: 2 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-28997

Malicious code in bioql PyPI...

CVSS: 7.1 · AI score: 8.7 · EPSS: 0.00089
Exploits: 0 · References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-5257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with...

CVSS: 4.9 · AI score: 6 · EPSS: 0.00027
Exploits: 0 · References: 2

Citrix
added 2025/05/23 12:0 a.m. · 6 views

CVAD 2402 - Citrix Storefront SSO failed after change the Base URL

After the customer modified the Base URL setting to use a different hostname, single sign-on (SSO) functionality stopped working for all users across the environment. However, when the Base URL is reverted back to the original hostname of the StoreFront server, single sign-on resumes normal operati...

AI score: 7.1
Exploits: 0

RedhatCVE
added 2025/05/22 11:31 p.m. · 1 views

CVE-2022-1594

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...

CVSS: 4.3 · AI score: 6.6 · EPSS: 0.00103
Exploits: 2 · References: 1

Citrix
added 2024/07/13 12:0 a.m. · 5 views

Error: "HTTP Error 404" When Accessing StoreFront Through NetScaler Gateway

Error: "HTTP Error 404" when accessing StoreFront through NetScaler Gateway. This issue surfaces after changing the StoreFront base URL from HTTP to HTTPS. The following is the NetScaler Session Profile snippet:...

AI score: 7
Exploits: 0

FreeBSD
added 2024/07/10 12:0 a.m. · 41 views

Gitlab -- vulnerabilities

Gitlab reports: An attacker can run pipeline jobs as an arbitrary user; Developer user with admin_compliance_framework permission can change group URL; Admin push rules custom role allows creation of project level deploy token; Package registry vulnerable to manifest confusion; User with admin_group_memb...

CVSS: 9.8 · AI score: 7 · EPSS: 0.0113
Exploits: 2 · References: 1

ATTACKERKB
added 2023/09/01 11:15 a.m. · 1 views

CVE-2023-4378

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...

CVSS: 5.5 · AI score: 5.7 · EPSS: 0.00659
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/09/01 12:0 a.m. · 3 views

PT-2023-28979 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.8 through 16.1.4; GitLab CE/EE versions 16.2 through 16.2.4; GitLab CE/EE versions 16.3 through 16.3.0. Description: An issue has been discovered that allows a malicious Maintainer to leak the sentry token under specific...

CVSS: 5.5 · AI score: 6.5 · EPSS: 0.00145
Exploits: 0 · References: 11

CNNVD
added 2023/07/13 12:0 a.m. · 1 views

YSoft SAFEQ 6 security vulnerability

YSoft SAFEQ 6 is an enterprise print management suite solution platform from the Czech company YSoft. A security vulnerability exists in YSoft SAFEQ 6 Server versions prior to 6.0.82, which stems from the fact that when changing the URL of an LDAP server configuration from LDAPS to LDAP, the syst...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.00134
Exploits: 0 · References: 3

OSV
added 2023/01/26 9:18 p.m. · 0 views

UBUNTU-CVE-2022-4054

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...

CVSS: 5.5 · AI score: 5.7 · EPSS: 0.00229
Exploits: 1 · References: 2

Oracle linux
added 2023/01/14 12:0 a.m. · 27 views

systemd security and bug fix update

239-68.0.2.1 - Backport upstream pstore dmesg fix [Orabug: 34850699] - Standardize ioctl BTRFS_IOC_QGROUP_CREATE check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253] - Disable unprivileged BPF by default [Orabug: 32870980] - backport upstream pstore tmpfiles patch [Orabug: 31420486] - udev...

CVSS: 5.5 · AI score: 0.3 · EPSS: 0.00035
Exploits: 1

OSV
added 2023/01/12 4:15 a.m. · 1 views

UBUNTU-CVE-2022-4365

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error...

CVSS: 5.5 · AI score: 5.8 · EPSS: 0.00659
Exploits: 0 · References: 5