3928 matches found
CVE-2025-62034 WordPress Togo theme < 1.0.4 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in uxper Togo togo. This issue affects Togo: from n/a through 1.0.4...
CVE-2025-62034
CVE-2025-62034 is a Privilege Escalation in the WordPress theme Togo (
CVE-2025-60243
CVE-2025-60243 describes an Incorrect Privilege Assignment vulnerability in Holest Engineering’s Selling Commander for WooCommerce (selling-commander-connector) plugin, affecting WordPress/WooCommerce installations with versions up to and including 1.2.46. The public records indicate a privilege ...
CVE-2025-60195
CVE-2025-60195 affects the WordPress Atarim Visual Collaboration plugin (Atarim) version ≤ 4.2. The issue is an Incorrect Privilege Assignment that allows Privilege Escalation. CVSS v3.1 base score 9.8 (CRITICAL), with network attack vector, no user interaction required. Acknowledged affected ver...
CVE-2025-60195 WordPress Atarim plugin <= 4.2.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation. This issue affects Atarim: from n/a through <= 4.2.1...
CVE-2025-49900 WordPress Advanced scrollbar plugin <= 1.1.8 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation. This issue affects Advanced scrollbar: from n/a through <= 1.1.8...
CVE-2025-49900
CVE-2025-49900 describes an Incorrect Privilege Assignment in the WordPress plugin Advanced Scrollbar (Advanced Scrollbar – Custom Scrollbar Styling and Behavior), enabling Privilege Escalation for authenticated users (Subscriber+). Affected range is “from n/a through
EUVD-2025-38009
Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation. This issue affects Advanced scrollbar: from n/a through <= 1.1.8...
PT-2025-45284
Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation. This issue affects Selling Commander for WooCommerce: from n/a through <= 1.2.46...
PT-2025-45268
Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation. This issue affects Atarim: from n/a through <= 4.2...
PT-2025-45212
Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation. This issue affects Advanced scrollbar: from n/a through <= 1.1.8...
CVE-2025-64322
Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files. This issue affects Agentforce Vibes Extension: before 3.3.0...
poc
Filament Demo PoC — mass-assignment Purpose Minimal reprod...
CVE-2025-36091
CVE-2025-36091 affects IBM Cloud Pak for Business Automation Core components (25.0.0, 24.0.1, 24.0.0). Description and vendor advisories identify an ownership misassignment vulnerability (CWE-283: Unverified Ownership) that could allow an authenticated user to make dashboards inaccessible to legi...
IBM Cloud Pak for Business Automation security vulnerability
IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. An...
N-MDM - Security Advisory Ivanti Neurons for MDM (N-MDM)
Summary Ivanti has released updates for Ivanti Neurons for MDM N-MDM which addresses a medium severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: Description | CVSS Score Severity | CVSS Vector | CWE...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments. A poorly implemented DisplayPort Alt Mode port partner may indicate that its pin assignment capabilities exceed the maximum value, DP_PIN_ASSIGN_F. In this case,...
CVE-2021-4461 Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...
CVE-2025-40055
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in user_cluster_connect(). user_cluster_disconnect() frees "conn->cc_private" which is "lc" but then the error handling frees "lc" a second time. Set "lc" to NULL on this path to avoid a double free...