16 matches found
CVE-2026-28803 Open Forms possible to view submission details of other people than intended
Open Forms allows users to create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...
WordPress plugin WP-CRM System has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
SUSE CVE-2025-67717
ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the tot...
CVE-2025-68587
Technical details for CVE-2025-68587 are not provided in the supplied documents. The Connected sources do not specify affected versions, root cause, impact, or remediation. Monitor for official updates to confirm scope and fixes.
WordPress plugin Watu Quiz security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Watu Quiz versions <= 3.4.5...
CVE-2025-67717
ZITADEL (open-source identity infrastructure) has an information disclosure vulnerability: versions 2.44.0–3.4.4 and 4.0.0-rc.1–4.7.1 disclose the total number of instance users to authenticated users via the totalResult field. This does not expose individual user data, but the total user count c...
Linux Distros Unpatched Vulnerability : CVE-2018-14631
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provide...
CVE-2023-22331
Use of default credentials vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information...
PT-2024-39524 · Express · Express
Name of the Vulnerable Software and Affected Versions: Express versions 3.4.5 through 4.0.0 Description: This issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, affecting the use of the Express Response object. Recommendations: For Express...
GHSA-HJFC-6JXR-J2RX Eclipse Ditto vulnerable to Cross-site Scripting
In Eclipse Ditto starting in version 3.0.0 and prior to versions 3.4.5 and 3.5.6, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS Cro...
CVE-2023-22373
Cross-site scripting vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information...
CVE-2023-22334
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack...
PT-2023-18467 · Unknown · Conprosys Hmi System
Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions 3.4.5 and earlier Description: A cross-site scripting issue allows a remote authenticated attacker to inject an arbitrary script and obtain sensitive information. Recommendations: For CONPROSYS HMI System CHS...
PT-2023-18435 · Unknown · Conprosys Hmi System
Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions 3.4.5 and earlier Description: The issue allows a remote unauthenticated attacker to alter user credentials information due to the use of default credentials. Recommendations: For CONPROSYS HMI System CHS...
Authorization
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user...