1387 matches found
CVE-2025-12403 Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on the brzonadminpanel function. This makes it possible for unauthenticated attackers to update settings an...
CVE-2025-12400
CVE-2025-12400 concerns the WordPress plugin LMB^Box Smileys. The vulnerability is a CSRF to Stored XSS in all versions up to 3.2, caused by missing or incorrect nonce validation in the plugin’s manage_page() function. As described, unauthenticated attackers can cause a site administrator to perf...
CVE-2025-12401
The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the labelpluginsoptions function. This makes it possible for unauthenticated attackers to update settings and injec...
EUVD-2025-35955
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...
CVE-2025-12028
The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the loginformindieauth function and the authorization endpoint at wp-login.php?action=indieauth. This makes it possible for...
Sauter modu680-AS Security Vulnerability
Sauter modu680-AS is a modular automation station and web server from Sauter, Switzerland. A security vulnerability exists in the Sauter modu680-AS that can be exploited by an unauthenticated remote attacker to crash the wscserver by sending an incomplete SOAP request and the process cannot be...
EUVD-2025-34978
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated...
CVE-2025-34254
D-Link Nuclias Connect: firmware
CVE-2025-41705
An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 5.12.0, 10.3.0, 10.7.1, and 11.0.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2024-33507
CVE-2024-33507 affects FortiIsolator: multiple releases are vulnerable due to an insufficient session expiration (CWE-613) and an incorrect authorization flaw (CWE-863). A remote unauthenticated attacker can deauthenticate logged-in administrators by sending a crafted cookie, and a remote authent...
CVE-2025-41704 Phoenix Contact: Unauthenticated Modbus Service DoS via Crafted Function Code
An unauthenticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality...
EUVD-2021-14353
Malware in sbrugna...
EUVD-2017-12721
Malware in sbrugna...
EUVD-2017-12461
Malware in sbrugna...
EUVD-2019-11278
Malware in sbrugna...
EUVD-2016-9607
Malware in sbrugna...
EUVD-2019-13540
Malware in sbrugna...
EUVD-2020-24460
Malware in sbrugna...
EUVD-2020-22604
Malware in sbrugna...