CVE-2025-12018 MembershipWorks <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting
The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-46568
Name of the Vulnerable Software and Affected Versions: MembershipWorks – Membership, Events & Directory plugin for WordPress versions prior to 6.14 Description: The plugin is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and output escaping...
CVE-2024-34090
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release...
Archer Platform Security Vulnerability
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform version 6.x prior to 6.14 P2 HF2 (6.14.0.2.2), which stems from the presence of a sensitive information disclosure vulnerability, whereby an unauthenticated attacker...
PT-2023-30866 · Rsa · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions 6.x through 6.14 P1 HF2 (6.14.0.1.2) Description: The issue allows an authenticated malicious user in a multi-instance installation to potentially exploit it by manipulating application resource references in user...
PT-2023-18407 · Pgadmin 4 +3 · Pgadmin 4 +3
Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to v6.14 Description: The issue allows a remote unauthenticated attacker to redirect a user to an arbitrary web site, potentially conducting a phishing attack by having the user access a specially crafted URL...
pgAdmin 4 vulnerable to open redirect
Overview: pgAdmin 4 provided by pgAdmin Project contains an open redirect vulnerability (CWE-601). SHIGA TAKUMA of BroadBand Security, Inc. and Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Cloudflare Public Bug Bounty: I found another way to bypass Cloudflare Warp lock!
It was possible to bypass the Lock WARP switch feature on the WARP iOS mobile client by enabling both the "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such a configuration caused the WARP client to disconnect and allowed the user to bypass...
Design/Logic Flaw
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file...
Cloudflare Public Bug Bounty: Bypass Cloudflare WARP lock on iOS.
Lock WARP switch is a feature of the Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling the WARP client. Due to insufficient policy verification by the client, this feature could be bypassed by using the "Disable WARP" quick action. The issue affected WARP client...
Atlassian Confluence 6.14.x < 6.15.10 Man-In-The-Middle
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 6.11.x 6.13.10, 6.14.x 6.15.10, 7.0.1 7.0.5 or 7.1.x 7.1.2. It is, therefore, affected by a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin. Note that t...
Atlassian Confluence 6.14.x < 6.14.3 / 6.15.x < 6.15.5 stored cross-site-scripting (SXSS) Vulnerability
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 6.14.x prior to 6.14.3, or 6.15.x prior to 6.15.5. It is, therefore, affected by a stored cross-site-scripting (SXSS) vulnerability due to improper validation of user-supplied input...
Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Multiple Vulnerabilities