CVE-2025-67927 WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through = 0.8.8...

CVE-2025-67927 WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through = 0.8.8...

WordPress Link Whisper Free plugin <= 0.8.8 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin Link Whisper Free versions = 0.8.8...

CVE-2025-11263

The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the type parameter in all versions up to, and including, 0.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

EUVD-2025-201509

The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the type parameter in all versions up to, and including, 0.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-11263

CVE-2025-11263 is a reflected Cross-Site Scripting vulnerability in the WordPress plugin Link Whisper Free (versions up to and including 0.8.8). The issue arises from insufficient input sanitization and output escaping in the type parameter, allowing unauthenticated attackers to inject scripts in...

PT-2025-49324

The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the type parameter in all versions up to, and including, 0.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-62970

Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through = 0.9.2...

EUVD-2025-35975

Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through = 0.8.8...

CVE-2025-62970

CVE-2025-62970 concerns a Missing Authorization vulnerability in the WordPress plugin Link Whisper Free . Multiple sources (NVD, Red Hat, EUVD, CIRCL, CVE lists, Patchstack) describe it as exploitable via an incorrectly configured access control on the Link Whisper Free plugin (versions up to at ...

WordPress plugin Link Whisper Free security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

EUVD-2012-6584

Malware in sbrugna...

CVE-2025-59941 go-f3 is Vulnerable to Cached Justification Verification Bypass

go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass...

Go implementation of Fast Finality in Filecoin 安全漏洞

Go implementation of Fast Finality in Filecoin is a Golang library for a fast validation mechanism open-sourced by Filecoin. A security vulnerability exists in Go implementation of Fast Finality in Filecoin version 0.8.8 and earlier, which stems from the validation result caching mechanism not...

PT-2025-39916

Name of the Vulnerable Software and Affected Versions go-f3 versions 0.8.8 and below Description go-f3’s justification verification caching mechanism improperly caches verification results without considering the message context. An attacker can bypass justification verification by submitting a...

CVE-2025-4962

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

Fedora: Security Advisory (FEDORA-2025-92fd810e1d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-4962

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

CVE-2025-4962

CVE-2025-4962 describes an Insecure Direct Object Reference (IDOR) in Lunary API. The vulnerability exists in the endpoint POST /v1/templates and allows an authenticated user to create templates in another user’s project by manipulating the projectId query parameter. Root cause: missing server-si...

Lunary 访问控制错误漏洞

Lunary is a production toolkit for LLM from Lunary Open Source. An access control error vulnerability exists in Lunary version 0.8.8 and earlier, which stems from an insecure direct object reference that could lead to template creation overreach...