CVE-2025-4202 Multicollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment
The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...
Django Uses Persistent Cookies Containing Sensitive Information
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSION_SAVE_EVERY_REQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...
Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
During routine security research, we identified a severe intent redirection vulnerability in a widely used third-party Android SDK called EngageSDK. This flaw allows apps ...
EUVD-2026-20402
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopWP: from n/a through 5.2.4...
CVE-2026-34899 WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1...
CVE-2026-22844 Zoom Node Deployments - Command Injection
A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution on the MMR via network access...
CVE-2022-23898
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml...
CVE-2025-62888
CVE-2025-62888: the affected software is the WP Attachments plugin for WordPress, with a Missing Authorization vulnerability reported for versions "n/a through 5.2". The provided CVSS 3.1 vector indicates network access with low privileges and no user interaction, resulting in confidentiality/availa...
CVE-2025-12953 Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.2.0 - Missing Authorization to Authenticated (Subscriber+) Listing Types Tampering
The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "rtclajaxaddlistingtype", "rtclajaxupdatelistingtype", and "rtclajaxdeletelistingtype" functions in all...
PYSEC-2025-108
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...
Amazon AWS VPN Client Security Vulnerability
Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com, Inc. A security vulnerability exists in Amazon AWS VPN Client versions prior to 5.2.2 that originates from referencing an unprotected OpenSSL configuration file during installation, which could lead to arbitrary...
like-girl Security Vulnerability
like-girl is a couples' diary tool by the individual developer kiCode111 in China. A security vulnerability exists in like-girl version 5.2.0, which originates from SQL injection due to improper handling of the icp/Copyright parameter in the file /admin/CopyadminPost.php...
CVE-2022-26585
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list...
CVE-2020-20392
SQL Injection vulnerability in imcat v5.2 via the fmauser parameters in coms/addcoms.php...
CVE-2025-30476
Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service...
OpenHarmony Resource Management Error Vulnerability
OpenHarmony is an open-source operating system project (of the HarmonyOS family) run by China's OpenAtom Foundation. A resource management error vulnerability exists in OpenHarmony 5.0.2 and earlier versions, which stems from a use after free and could lead to arbitrary code execution in pre-installe...
MAL-2025-769 Malicious code in @haysee/v5.2 (npm)
CVE-2025-22387
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking...
Optimizely Configured Commerce Security Vulnerability
Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408, which stems from session tokens bound to logged-out sessions remaining active and available...
OvalEdge Security Vulnerability
OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /profile/updateProfile via the userId...