3928 matches found

CNNVD
added 2025/12/18 12:0 a.m., 2 views

WordPress plugin PostX security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 7.2, AI score 6.7, EPSS 0.00079
Exploits: 0, References: 1

Positive Technologies
added 2025/12/18 12:0 a.m., 4 views

PT-2025-52057

Name of the Vulnerable Software and Affected Versions: e-plugins Hotel Listing versions through 1.4.0. Description: An incorrect privilege assignment exists in the Hotel Listing plugin, potentially allowing privilege escalation. The issue is present in the hotel-listing component. Recommendations...

CVSS 8.6, AI score 6.7, EPSS 0.00056
Exploits: 0, References: 3

Positive Technologies
added 2025/12/18 12:0 a.m., 3 views

PT-2025-52051

Name of the Vulnerable Software and Affected Versions: PostX versions through 4.1.35. Description: An incorrect privilege assignment exists in WPXPO PostX ultimate-post, potentially allowing privilege escalation. Recommendations: Update PostX to a version later than 4.1.35...

CVSS 7.2, AI score 6.7, EPSS 0.00079
Exploits: 0, References: 3

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52102

Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigration law, Visa services support, Migration Agent Consulting immiex allows Privilege Escalation. This issue affects Sale! Immigration law, Visa services support, Migration Agent Consulting: from n/a through = 1.5.8...

AI score 7, EPSS 0.00056
Exploits: 0, References: 2

CNNVD
added 2025/12/18 12:0 a.m., 2 views

WordPress plugin Hotel Listing security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.8, AI score 6.7, EPSS 0.00056
Exploits: 0, References: 1

OSV
added 2025/12/17 11:15 p.m., 1 views

CVE-2023-53914

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative...

CVSS 9.3, AI score 5.9, EPSS 0.01248
Exploits: 1, References: 3

NVD
added 2025/12/17 11:15 p.m., 2 views

CVE-2023-53914

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative...

CVSS 9.8, EPSS 0.01248
Exploits: 1, References: 3

Cvelist
added 2025/12/17 10:44 p.m., 16 views

CVE-2023-53914 UliCMS 2023.1 Authentication Bypass via Mass Assignment Vulnerability

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative...

CVSS 9.8, EPSS 0.01248
Exploits: 1, References: 3

CVE
added 2025/12/17 10:44 p.m., 9 views

CVE-2023-53914

CVE-2023-53914 affects UliCMS 2023.1. An authentication bypass exists due to mass assignment in the UserController, enabling unauthenticated attackers to create admin users by sending a crafted POST to the admin/index.php endpoint with specific parameters, yielding full system access. Root cause:...

CVSS 9.8, AI score 6.7, EPSS 0.01248
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2025/12/17 10:44 p.m., 3 views

CVE-2023-53914 UliCMS 2023.1 Authentication Bypass via Mass Assignment Vulnerability

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative...

CVSS 9.8, AI score 6.7, EPSS 0.01248
Exploits: 1, References: 3

Positive Technologies
added 2025/12/17 12:0 a.m., 2 views

PT-2025-51952

Name of the Vulnerable Software and Affected Versions: UliCMS version 2023.1. Description: An authentication bypass allows unauthenticated attackers to create administrative users. This is possible through mass assignment in the UserController by sending a crafted POST request to the 'index.php'...

CVSS 9.8, AI score 7, EPSS 0.01248
Exploits: 1, References: 7

CNNVD
added 2025/12/17 12:0 a.m., 1 views

UliCMS security vulnerability

UliCMS is an open-source content management system (CMS) by UliCMS. The system supports features such as access control and WYSIWYG editing. A security vulnerability exists in UliCMS version 2023.1, which stems from an improper bulk assignment in UserController that could lead to authentication bypa...

CVSS 9.8, AI score 6.8, EPSS 0.01248
Exploits: 1, References: 5

Snyk
added 2025/12/15 6:30 p.m., 1 views

Incorrect Privilege Assignment

Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the processing of ArgoCD Custom Resources. A namespace admin can gain elevated privileges and execute arbitrary workloads with root access on master nodes by crafting malicious custom resources after...

CVSS 9.1, AI score 7.5, EPSS 0.00051
Exploits: 0, References: 2

EUVD
added 2025/12/13 6:30 p.m., 3 views

EUVD-2025-203232

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary...

CVSS 5.3, AI score 5.6, EPSS 0.00106
Exploits: 0, References: 4

OSV
added 2025/12/04 4:16 p.m., 2 views

AZL-71420 CVE-2025-40251 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy. The function devl_rate_nodes_destroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific rate_leaf_parent_set or...

CVSS 5.5, AI score 5.9, EPSS 0.00021
Exploits: 0, References: 1

OSV
added 2025/12/04 3:31 p.m., 3 views

CVE-2025-40231 vsock: fix lock inversion in vsock_assign_transport()

In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport(). Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called. The issue was introduced by commit 687aa0c5581b "vsoc...

AI score 6.3, EPSS 0.00058
Exploits: 0, References: 10

Veracode
added 2025/12/04 5:45 a.m., 4 views

Insecure Direct Object Reference (IDOR)

com.liferay.portal, com.liferay.portal.impl is vulnerable to an Insecure Direct Object Reference (IDOR). The vulnerability is due to improper access control on the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter, which allows an attacker to assign an organization to a user acros...

CVSS 5.3, AI score 6.9, EPSS 0.00052
Exploits: 0, References: 6, Affected Software: 1

Packet Storm News
added 2025/12/01 12:0 a.m., 2 views

Physical ID-Transfer Attacks against Multi-Object Tracking Via Adversarial Trajectory

Multi-Object Tracking (MOT) is a critical task in computer vision, with applications ranging from surveillance systems to autonomous driving. However, threats to MOT algorithms have not yet been widely studied. In particular, incorrect association between the tracked objects and their assigned IDs can...

AI score 6.5
Exploits: 0

Positive Technologies
added 2025/11/26 12:0 a.m., 4 views

PT-2025-48210

Name of the Vulnerable Software and Affected Versions: VIPRE Advanced Security for PC, affected versions not specified. Description: A local attacker can gain higher-level access on systems running VIPRE Advanced Security for PC. To exploit this, an attacker must first be able to run code with limite...

CVSS 7.8, AI score 7.6, EPSS 0.00012
Exploits: 0, References: 4

OSV
added 2025/11/25 6:12 p.m., 1 views

GO-2025-4153 Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana

Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

CVSS 10, AI score 6.8, EPSS 0.00057
Exploits: 1, References: 7