baserCMS has OS command injection vulnerability in installer

baserCMS has an OS command injection vulnerability in the installer. Target baserCMS 5.2.2 and earlier versions Vulnerability If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures Update to the latest version of baserCMS Please refer to the...

WordPress Essential Real Estate plugin <= 5.2.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Essential Real Estate versions = 5.2.6...

AZL-77493 CVE-2025-30204 affecting package cf-cli for versions less than 8.4.0-27

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

WordPress 워드프레스 결제 심플페이 plugin <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin 워드프레스 결제 심플페이 versions = 5.2.2...

GHSA-564R-HJ7V-MCR5 Spring Framework vulnerable to denial of service via specially crafted SpEL expression

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...