
32 matches found

NVD
added 2026/05/02 2:16 p.m. · 1 view

CVE-2026-2554

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfmdeletewcfmcustomer' due to missing validation on the 'customerid' user...

8.1 CVSS · 0.00015 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2026/05/02 1:26 p.m. · 2 views

CVE-2026-2554 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfmdeletewcfmcustomer' due to missing validation on the 'customerid' user...

8.1 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2026/05/02 12:0 a.m. · 1 view

PT-2026-36617

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfm delete wcfm customer' due to missing validation on the 'customerid' us...

8.1 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits: 0 · References: 4

NVD
added 2026/04/04 8:16 a.m. · 1 view

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1 CVSS · 0.00015 EPSS
Exploits: 0 · References: 3

Cvelist
added 2026/04/04 7:42 a.m. · 18 views

CVE-2026-4896 WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1 CVSS · 0.00015 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2026/04/04 7:42 a.m. · 2 views

CVE-2026-4896 WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits: 0 · References: 3

ATTACKERKB
added 2026/04/04 7:42 a.m. · 2 views

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits: 0 · References: 4

CVE
added 2026/04/04 7:42 a.m. · 15 views

CVE-2026-4896

The CVE-2026-4896 entry concerns the WCFM – Frontend Manager for WooCommerce plugin with the Bookings Subscription Listings Compatible extension for WordPress, affected up to version 6.7.25. The vulnerability is an Insecure Direct Object Reference (IDOR) affecting authenticated users with Vendor-...

8.1 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2026/04/04 12:0 a.m. · 1 view

PT-2026-30313

Name of the Vulnerable Software and Affected Versions: WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress versions up to and including 6.7.25 Description: The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription...

8.1 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2026/01/07 12:0 a.m. · 4 views

PT-2026-1845

Name of the Vulnerable Software and Affected Versions: Columbia Weather Systems MicroServer affected versions not specified Description: The MicroServer copies portions of the system firmware to an unencrypted external SD card during boot. This firmware includes user and vendor secrets in plaintext...

7.1 CVSS · 6.5 AI score · 0.0001 EPSS
Exploits: 0 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2017-6742

Malware in sbrugna...

8.8 CVSS · 8.8 AI score · 0.02081 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-25808

Malicious code in bioql PyPI...

8.8 CVSS · 6.6 AI score · 0.00083 EPSS
Exploits: 0 · References: 2

CVE
added 2025/08/26 5:7 a.m. · 25 views

CVE-2025-5931

CVE-2025-5931 : Dokan Pro (WordPress)

8.8 CVSS · 7 AI score · 0.00083 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/08/26 5:7 a.m. · 6 views

CVE-2025-5931 Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for...

8.8 CVSS · 0.00083 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2025/08/26 5:7 a.m. · 1 view

CVE-2025-5931 Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for...

8.8 CVSS · 7 AI score · 0.00083 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/26 12:0 a.m. · 6 views

PT-2025-34740

Name of the Vulnerable Software and Affected Versions: Dokan Pro versions prior to 4.0.6 Description: The Dokan Pro plugin for WordPress is susceptible to privilege escalation via account takeover. The issue stems from insufficient user identity validation during staff password resets, allowing...

8.8 CVSS · 6.7 AI score · 0.00083 EPSS
Exploits: 0 · References: 9

RedhatCVE
added 2025/05/23 7:5 a.m. · 4 views

CVE-2024-48126

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access...

9.8 CVSS · 7.5 AI score · 0.00334 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/15 12:0 a.m. · 2 views

PT-2025-2792 · Unknown · Hi-Scan 6040I

Name of the Vulnerable Software and Affected Versions: HI-SCAN 6040i Hitrax HX-03-19-I Description: The issue concerns hardcoded credentials in the system, which could allow unauthorized access to vendor support and service access. Recommendations: For HI-SCAN 6040i Hitrax HX-03-19-I, consider...

9.8 CVSS · 7.2 AI score · 0.00334 EPSS
Exploits: 0 · References: 5

OSV
added 2024/03/22 2:15 p.m. · 1 view

CVE-2024-2725

Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application...

7.5 CVSS · 5.8 AI score · 0.00071 EPSS
Exploits: 0 · References: 1

Talos Blog
added 2022/11/08 2:33 p.m. · 20 views

The Company You Keep – Preparing for supply chain attacks with Talos IR

Given the increasing frequency of supply chain attacks, the sophistication of those attacks, and the expansion of the attack surface beyond an organization's direct control, incident preparedness and response activities must be considered in the overall supply chain risk mitigation strategy. Suppl...

7.1 AI score
Exploits: 0