5 matches found
BIT-MASTODON-2026-47777 Mastodon has a consent-check bypass in its remote Collections
Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...
CVE-2025-8620 GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this...
CVE-2020-27259
The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code...
WordPress RegistrationMagic Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.RegistrationMagic is a user registration plugin used in it. A cross-site request forgery vulnerability exists in WordPress...
Arbitrary File Download Vulnerability in MS-MCMS Frontend of MDFMS Platform
MS-MCMS is a web management system using pure java development. A java + spring + mybatis web site building system developed by Mingfei Technology Co. MS-MCMS v4.6.0 version of the MS platform exists arbitrary file download vulnerability in the foreground , due to the system failed to...