1394 matches found
CVE-2025-13363
CVE-2025-13363 concerns the IMAQ CORE WordPress plugin. According to Wordfence, versions up to and including 1.2.1 are vulnerable to a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the URL structure settings update function. This enables unauthenticated attackers to modify ...
CVE-2025-14162
CVE-2025-14162 affects the BMLT WordPress Plugin (
PT-2025-50849
The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for unauthenticated attacke...
WordPress plugin Purchase and Expense Manager 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site request...
WordPress plugin Truefy Embed 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
WordPress plugin Rabbit Hole 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
WordPress plugin Infility Global 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
PT-2025-50862
The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...
CVE-2025-67719
Summary: CVE-2025-67719 affects Ibexa’s User Bundle in the Ibexa DXP. Versions 5.0.0-beta1–5.0.3 lack proper password-change validation due to an error introduced during the v4→v5 transition, allowing a logged-in attacker with an unattended session to change a user’s password without knowing the ...
CVE-2025-67719 Ibexa User Bundle is missing password change validation
Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...
EUVD-2025-202442
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAU.DLL from its installation directory without sufficient integrity validation or a secure search order. A...
UBICOD Medivision Digital Signage 跨站请求伪造漏洞
UBICOD Medivision Digital Signage is a digital signage software for healthcare environments from UBICOD Medivision, a South Korean company. A cross-site request forgery vulnerability exists in UBICOD Medivision Digital Signage version 1.5.1, which stems from a lack of request validation and could...
📄 YOURLS 1.8.2 SQL Injection
Proof of concept for a remote SQL injection vulnerability in YOURLS version 1.8.2. ============================================================================================================================================= | Title : YOURLS 1.8.2 SQL Injection & System Compromise in Administrati...
Cross-site Scripting (XSS)
Overview shopware/storefront is a storefront for Shopware. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the waitTime or errorSnippet parameters in the login page, which are rendered directly in the template without input validation. An attacker can execute...
CVE-2025-40800
A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, NX V2412 All versions V2412.8700, NX V2506 All versions V2506.6000, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Solid Edge SE2025 All versions V225.0 Updat...
CVE-2025-40801
The CVE-2025-40801 family describes a vulnerability where the SALT (Siemens Advanced Licensing Toolkit) SDK omits server certificate validation when establishing TLS connections to the authorization server. This allows potential man-in-the-middle attacks affecting Siemens products such as COMOS, ...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
CVE-2025-65288
A buffer overflow in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copies/concatenations into fixed-size buffers. A crafted long...
PT-2025-49832
Name of the Vulnerable Software and Affected Versions COMOS versions prior to V10.6 NX versions prior to V2412.8700 NX versions prior to V2506.6000 Simcenter 3D versions prior to V2506.6000 Simcenter Femap versions prior to V2506.0002 Solid Edge SE2025 versions prior to V225.0 Update 10 Solid Edg...
Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...