WordPress Location Weather – WordPress Weather Forecast, AQI, Temperature and Weather Widget plugin <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging vulnerability

Missing Authorization to Authenticated Contributor+ Block Settings Modification and Cache Purging vulnerability discovered by momopon1415 in WordPress Plugin Location Weather versions = 3.0.2...

CVE-2025-9622 WP Blast | SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing

The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on multiple administrative actions in the Settings class. This makes it possible for...

UBUNTU-CVE-2023-38497

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

Fastly VDP: Unauthenticated cache purging

An unauthenticated cache purging vulnerability was found in the website of Fanout.io, allowing unauthenticated users to purge the cache of the website. This could potentially lead to various types of attacks such as website defacement, unauthorized access to sensitive data, or denial of service D...

Fedora 19 : mediawiki-1.21.2-1.fc19 (2013-15984)

SECURITY: Fix extension detection with 2 .'s - SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. - SECURITY: Sanitize ResourceLoader exception messages - Purge upstream caches when deleting file assets. - Unit test suite...