113 matches found
CVE-2026-8423
The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 2.0.5 due to missing/incorrect nonce validation on the options page. This allows unauthenticated attackers to change the site’s active theme by modifying the ...
PT-2026-42079
Name of the Vulnerable Software and Affected Versions: JaviBola Custom Theme Test versions prior to 2.0.6. Description: The JaviBola Custom Theme Test plugin for WordPress contains a Cross-Site Request Forgery (CSRF) flaw, which occurs when a web application allows an attacker to induce a user to...
Exploit for CVE-2025-48757
cso-vibecheck Senior-CSO security audit skill for vibe-coded...
PT-2026-24619
Summary: The /studiocms api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target...
CVE-2026-24134 StudioCMS has an Authorization Bypass Through User-Controlled Key
StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by...
EUVD-2023-41876
Malicious code in bioql PyPI...
EUVD-2023-43963
Malicious code in bioql PyPI...
EUVD-2023-43960
Malicious code in bioql PyPI...
EUVD-2023-43962
Malicious code in bioql PyPI...
EUVD-2023-41874
Malicious code in bioql PyPI...
EUVD-2023-43961
Malicious code in bioql PyPI...
EUVD-2023-41877
Malicious code in bioql PyPI...
EUVD-2023-41878
Malicious code in bioql PyPI...
EUVD-2023-41875
Malicious code in bioql PyPI...
EUVD-2023-43964
Malicious code in bioql PyPI...
EUVD-2023-41880
Malicious code in bioql PyPI...
EUVD-2023-41879
Malicious code in bioql PyPI...
EUVD-2025-0088
Malicious code in bioql PyPI...
EUVD-2023-43965
Malicious code in bioql PyPI...
Closing the Loop on API Security: How Imperva Helps You Expose, Contain, and Mitigate Business Logic Threats
In a world powered by APIs, waiting for an attack is waiting too long. Business logic risks like Broken Object Level Authorization (BOLA) don’t announce themselves with obvious signatures or malware. They hide in plain sight within normal-looking traffic and by the time a BOLA exploit turns into a...