
4 matches found

GitHub Security Blog
added 2026/01/09 7:21 p.m., 11 views

WeKnora has Command Injection in MCP stdio test

Vulnerability Description --- Vulnerability Overview This issue is a command injection vulnerability CWE-78 that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. The root causes are as...

CVSS 9.9, AI score 7.7, EPSS 0.00454
Exploits: 1, References: 5, Affected Software: 1
CNVD
added 2025/08/31 12:00 a.m., 1 view

WordPress Plugin All Bootstrap Blocks Access Control Break Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An access control disruption vulnerability exists in the WordPress plugin All Bootstrap Blocks, which...

CVSS 6.5, AI score 6.7, EPSS 0.00075
Exploits: 0, References: 1
Positive Technologies
added 2025/02/19 12:00 a.m., 1 view

PT-2025-7412 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0 and 9.3.0.8, including 8.3.x Description: The product does not perform an authorization check when an actor attempts to access a resource or perform an action. This...

CVSS 6.5, AI score 7.2, EPSS 0.00182
Exploits: 0, References: 6
Cvelist
added 2025/02/14 12:44 p.m., 10 views

CVE-2025-23771 WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability

Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push Notification for Post and BuddyPress: from n/a through <= 2.11...

CVSS 6.5, EPSS 0.00098
Exploits: 0, References: 1