
24 matches found

Positive Technologies
added 2026/05/13 12:0 a.m. | 8 views

PT-2026-40580

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the get course id by function unconditionally trusting the user-supplied course GET parameter as the authoritative cour...

CVSS 5.3 | AI score 5.7 | EPSS 0.00081
Exploits: 0 | References: 53

Cvelist
added 2026/04/28 6:10 p.m. | 25 views

CVE-2026-41406 OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Thread History and Quoted Messages

OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content...

CVSS 5.4 | EPSS 0.00045
Exploits: 0 | References: 3

OSV
added 2026/03/24 4:59 p.m. | 2 views

GHSA-5PGF-H923-M958 Craft CMS may expose private assets through anonymous "generate transform" calls via transform URL

Summary An unauthenticated user can call assets/generate-transform with a private assetId, receive a valid transform URL, and fetch transformed image bytes. The endpoint is anonymous and does not enforce per-asset authorization before returning the transform URL. Details Root cause: - Anonymous...

CVSS 6.9 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 6

RedhatCVE
added 2026/01/09 11:29 a.m. | 3 views

CVE-2021-27374

VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation."...

CVSS 7.5 | AI score 7 | EPSS 0.00281
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-2268

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00753
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2013-1903

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00748
Exploits: 0 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2009-4525

Malware in sbrugna...

CVSS 3.5 | AI score 6.4 | EPSS 0.00162
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-47301

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 6.6 | EPSS 0.00143
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 5:37 a.m. | 4 views

CVE-2023-44129

The vulnerability is that the Messaging "com.android.mms" app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a...

CVSS 3.6 | AI score 6.9 | EPSS 0.00034
Exploits: 0 | References: 1

OSV
added 2023/08/23 5:24 p.m. | 1 views

DRUPAL-CONTRIB-2023-040

The Data Field module provides a way of building field types that are made up of other fields, a simpler alternative to e.g. the Paragraphs system. Access to these forms isn't properly validated, allowing a user with the "access content" permission to view and edit fields on entities...

AI score 6.7
Exploits: 0 | References: 1

Vulnrichment
added 2023/01/11 8:39 p.m. | 11 views

CVE-2022-4874 Authenticated bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows unauthenticated user to get access to content.

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL .css, .png etc. If it exists, it performs a "fake logi...

AI score 7.7 | EPSS 0.00842
Exploits: 1 | References: 1

Positive Technologies
added 2021/11/17 12:0 a.m. | 1 views

PT-2021-16333 · WordPress · Insert Pages

Name of the Vulnerable Software and Affected Versions: Insert Pages WordPress plugin versions prior to 3.7.0 Description: The issue allows users with a role as low as Contributor to access content and metadata from arbitrary posts or pages, regardless of their author and status, including private...

CVSS 4.3 | AI score 4.6 | EPSS 0.00186
Exploits: 2 | References: 4

NVD
added 2018/06/11 9:29 p.m. | 10 views

CVE-2018-5166

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox 60...

CVSS 7.5 | AI score 5.6 | EPSS 0.00752
Exploits: 0 | References: 5

Prion
added 2018/06/11 9:29 p.m. | 8 views

Cross site request forgery (csrf)

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox 60...

CVSS 5 | AI score 7.7 | EPSS 0.00752
Exploits: 0 | References: 5 | Affected Software: 2

UbuntuCve
added 2018/05/11 12:0 a.m. | 14 views

CVE-2018-5166

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox 60...

CVSS 7.5 | AI score 7.1 | EPSS 0.00752
Exploits: 0 | References: 3

CNVD
added 2015/04/02 12:0 a.m. | 1 views

Unspecified Security Bypass Vulnerability in TYPO3

TYPO3 is a content management system. TYPO3 has a security vulnerability that allows remote editors to bypass security restrictions and access, modify, and create content for other editors...

CVSS 6.5 | AI score 7 | EPSS 0.00315
Exploits: 0 | References: 1

Cvelist
added 2014/05/17 8:0 p.m. | 11 views

CVE-2013-4498

The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content"...

AI score 5.7 | EPSS 0.00199
Exploits: 0 | References: 3

The Hacker News
added 2012/05/31 5:42 a.m. | 6 views

What is the Deep Web? A first trip into the abyss

The Deep Web, or Invisible Web, is the set of information resources on the World Wide Web not reported by normal search engines. According to several studies, the principal search engines index only a small portion of the overall web content; the remaining part is unknown to the majority of web user...

AI score 6.6
Exploits: 0

0day.today
added 2010/02/17 12:0 a.m. | 24 views

Drupal's <= v6.x-1.0 Realname User Reference Widget contributed module

Exploit for unknown platform in category web applications

Drupal's Description of Vulnerability: Drupal is a free software package that allows an individual or a community of users to easily...

AI score 7.1
Exploits: 0

Packet Storm
added 2010/02/16 12:0 a.m. | 24 views

Drupal Realname User Reference Information Disclosure

Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module version 6.x-1.0

Discovered by Martin Barbella

Description of Vulnerability: Drupal is a free software package that allows an individual or a community of users to easil...

AI score 7.4
Exploits: 0