1384 matches found
CVE-2025-13362 Norby AI <= 1.0.3 - Cross-Site Request Forgery to Settings Update
The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings and inject...
PT-2025-49227
The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the save settings function. This makes it possible for...
CVE-2025-13387
The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2025-48608
The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths int...
CVE-2025-55222
CVE-2025-55222 affects Socomec DIRIS Digiware M-70 gateway (firmware 1.6.9). A DoS can be triggered by unauthenticated crafted Modbus TCP or Modbus RTU over TCP messages (USB Function), on port 503, causing device unresponsiveness. TALOS details confirm the vulnerability exists in Modbus TCP/RTU ...
CVE-2025-13538
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...
CVE-2025-12816
An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
CVE-2025-12586
The CVE concerns the WordPress plugin Conditional Maintenance Mode for WordPress, affecting all versions up to and including 1.0.0. The root cause is missing nonce validation when toggling the maintenance mode status, leading to Cross‑Site Request Forgery (CSRF). This enables unauthenticated atta...
CVE-2025-12752
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create...
CVE-2025-11676
Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 UPnP modules, which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 = Build 220801...
CVE-2025-12827
CVE-2025-12827 (Top Friends) : The WordPress Top Friends plugin is vulnerable to Cross-Site Forgery (CSRF) in all versions up to 0.3 due to missing nonce validation in the top_friends_options_subpanel() function. This allows unauthenticated attackers to modify plugin settings by tricking an admin...
CVE-2021-4467
Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remo...
EUVD-2024-26050
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing...
CVE-2025-30255
Out-of-bounds write for some IntelR PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This...
CVE-2025-35967
Intel PROSet/Wireless WiFi Software for Windows before version 23.160 contains an out-of-bounds read in Ring 2 device drivers that may allow a denial of service. An unprivileged, unauthenticated attacker with low complexity and adjacent access, requiring no user interaction, could impact availabi...
EUVD-2025-37893
A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS...
PT-2025-45128
Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine versions prior to 3.4 Patch 4 or version 3.5 Description A flaw in the RADIUS setting of Cisco Identity Services Engine ISE allows an unauthenticated, remote attacker to cause the system to restart unexpectedly,...
CVE-2025-12403 Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on the brzonadminpanel function. This makes it possible for unauthenticated attackers to update settings an...
CVE-2025-12400
CVE-2025-12400 concerns the WordPress plugin LMB^Box Smileys. The vulnerability is a CSRF to Stored XSS in all versions up to 3.2, caused by missing or incorrect nonce validation in the plugin’s manage_page() function. As described, unauthenticated attackers can cause a site administrator to perf...
CVE-2025-12401
The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the labelpluginsoptions function. This makes it possible for unauthenticated attackers to update settings and injec...