PT-2025-44711

Name of the Vulnerable Software and Affected Versions Folderly plugin for WordPress versions through 0.3 Description The Folderly plugin for WordPress has a flaw that allows unauthorized data modification. This is due to an inadequate capability check on the...

CVE-2025-62712

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint...

CVE-2025-8850

CVE-2025-8850 affects librechat 0.7.9. The backend fails to properly validate OTP/backup codes when calling the /api/auth/2fa/disable endpoint, allowing an authenticated user to disable 2FA without completing the required verification. This insecure API design can weaken the user’s account securi...

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...

EUVD-2025-37013

Byaidu PDFMathTranslate vulnerable to open redirect...

GHSA-PFRV-63W8-Q7RQ Byaidu PDFMathTranslate vulnerable to open redirect

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...

CVE-2025-50736

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...

CVE-2025-50736

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...

CVE-2025-50736

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...

D-Link Nuclias Connect Directory Traversal Vulnerability

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. A directory traversal vulnerability exists in D-Link Nuclias Connect, which stems from improper cleanup ...

CVE-2025-10545

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

CVE-2025-41443

Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...

WordPress SureForms plugin information disclosure vulnerability

WordPress SureForms plugin is a visual form builder plugin designed for WordPress , support drag and drop operation , no programming foundation to quickly build responsive forms . An information disclosure vulnerability exists in the WordPress SureForms plugin, which stems from improper access...

EUVD-2025-34824

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may b...

CVE-2025-10732 SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...

PT-2025-41848

Name of the Vulnerable Software and Affected Versions SureForms – Drag and Drop Form Builder for WordPress versions prior to 1.12.2 Description The SureForms – Drag and Drop Form Builder for WordPress plugin contains a flaw in access control. Specifically, the...

CVE-2025-11607

A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function uploadmusic of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed...

CVE-2025-11607

The CVE-2025-11607 entry affects harry0703 MoneyPrinterTurbo up to 1.2.6, specifically the upload_music function in app/controllers/v1/music.py of the API Endpoint. The vulnerability arises from path traversal via manipulation of the File argument, enabling remote exploitation. Multiple connected...

CVE-2025-11607

A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function uploadmusic of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed...

CVE-2025-11529

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...