11 matches found
CVE-2026-5415 WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link
The WP Captcha PRO plugin for WordPress (the premium version of the Advanced Google reCAPTCHA plugin; both have the same slug) is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...
EUVD-2025-202359
The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'eltdfmembershipcheckfacebookuser' and the...
EUVD-2018-10933
Malware in sbrugna...
CVE-2025-52858
CVE-2025-52858 is a NULL pointer dereference affecting QNAP QTS and QuTS hero. The vulnerability could allow a remote attacker with an administrator account to trigger a denial-of-service (DoS). Public details confirm affected products and root cause as a NULL pointer dereference, with exploitati...
CVE-2025-5060
CVE-2025-5060 refers to the Bravis User plugin for WordPress (versions up to 1.0.0) with an authentication bypass. The issue arises from improper handling of login data verified via the facebook_ajax_login_callback(), enabling unauthenticated attackers to log in as administrator users if they hav...
CVE-2024-9933
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is because the 'watchtowerotatoken' default value is empty and a not-empty check is missing in the 'PasswordLessAccess::login' function. This makes it possible for...
PT-2024-34664 · WordPress · Login With Phone Number
Name of the Vulnerable Software and Affected Versions: Login with phone number plugin for WordPress versions up to 1.7.26. Description: The issue is related to authentication bypass due to the activation code default value being empty and a missing not empty check in the lwp ajax register function...
Dataprobe iBoot-PDU Security Vulnerability
The Dataprobe iBoot-PDU is a web-accessible managed PDU with independently controlled outlets from Dataprobe USA. A security vulnerability exists in Dataprobe iBoot-PDU FW prior to version 1.42.06162022, which stems from the product exposing multiple sensitive data fields, and can be exploited by an...
Genua high-resistance-firewall-genugate Access Control Error Vulnerability
Genua high-resistance-firewall-genugate is an application from the German company Genua that provides a network protection feature. An Access Control Error vulnerability exists in Genua high-resistance-firewall-genugate, which originates during login, when the authentication method does not check the...
Crixp Opencrx License Issue Vulnerability
Crixp Opencrx is a website builder for managing the sales process from the Swiss company Crixp. The system is based on the Java API of the Java client and the Swagger-compatible RESTful API and can be used in sales, service, marketing, contact center and issue management scenarios. A securi...
Logitec LAN-W300N/R series fails to restrict access permissions
Overview: Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. The LAN-W300N/R series are wireless LAN routers. Jin Sawada, Keisuke Okazaki, Naoto Katsumi of Security...