5519 matches found

CNNVD
added 2025/12/01 12:00 a.m. | 5 views

mJobtime Security Vulnerability

mJobtime is a time tracking and job management software from the US-based mJobtime, Inc. A security vulnerability exists in mJobtime version 15.7.2 that stems from improper handling of client-side authorization and could allow an attacker to modify client-side code and gain access to administrato...

CVSS 9.8 | AI score 6.7 | EPSS 0.00416
Exploits: 2 | References: 3
CVE
added 2025/12/01 12:00 a.m. | 17 views

CVE-2025-51682

mJobtime v15.7.2 is affected by two issues. CVE-2025-51682 describes client-side authorization handling that can be bypassed to gain access to administrative features by modifying client code and crafting requests that call admin functions. CVE-2025-51683 describes a blind SQL injection via a cra...

CVSS 9.8 | AI score 6.9 | EPSS 0.00389
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/11/28 4:57 a.m. | 7 views

CVE-2025-7820

The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client-side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attacke...

CVSS 7.5 | AI score 6 | EPSS 0.00273
Exploits: 0 | References: 1
NVD
added 2025/11/27 5:16 a.m. | 5 views

CVE-2025-7820

The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client-side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attacke...

CVSS 7.5 | EPSS 0.00273
Exploits: 0 | References: 2
Cvelist
added 2025/11/27 4:36 a.m. | 7 views

CVE-2025-7820 SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass

The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client-side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attacke...

CVSS 7.5 | EPSS 0.00273
Exploits: 0 | References: 2
CVE
added 2025/11/27 2:50 a.m. | 18 views

CVE-2025-13762

CVE-2025-13762 affects the CyberArk Secure Web Sessions Extension for Chrome/Edge. The root cause is improper input validation in the extension, leading to a Denial of Service when starting new SWS sessions. Affected versions are before 2.2.30305. Exploitation is noted as possible with local vect...

CVSS 4.8 | AI score 6.4 | EPSS 0.0012
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/27 2:50 a.m. | 3 views

CVE-2025-13762 Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305

Improper Input Validation vulnerability in the CyberArk Secure Web Sessions Extension on Chrome and Edge allows Denial of Service when trying to start new SWS sessions. This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305...

CVSS 4.8 | AI score 6.4 | EPSS 0.0012
Exploits: 0 | References: 2
CNNVD
added 2025/11/27 12:00 a.m. | 2 views

WordPress plugin SKT PayPal for WooCommerce Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 7.5 | AI score 6.6 | EPSS 0.00273
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/27 12:00 a.m. | 4 views

PT-2025-48233

The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client-side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attacke...

CVSS 7.5 | AI score 6 | EPSS 0.00273
Exploits: 0 | References: 3
OSV
added 2025/11/26 7:15 p.m. | 5 views

PYSEC-2025-219

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

CVSS 3.3 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 4
Positive Technologies
added 2025/11/26 12:00 a.m. | 2 views

PT-2025-48178

Name of the Vulnerable Software and Affected Versions: Overhang.IO tutor-open-edx version 20.0.2
Description: A security issue exists in Overhang.IO tutor-open-edx version 20.0.2 that could allow local unauthorized attackers to access sensitive information. This is due to missing cache-control HTTP...

CVSS 3.3 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 7
OSV
added 2025/11/21 3:59 p.m. | 3 views

JLSEC-2025-227 Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted ...

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname...

CVSS 5.4 | AI score 7 | EPSS 0.00172
Exploits: 0 | References: 4
RedhatCVE
added 2025/11/19 2:10 p.m. | 3 views

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVSS 7.5 | AI score 6.6 | EPSS 0.00243
Exploits: 0 | References: 1
NVD
added 2025/11/18 3:16 p.m. | 4 views

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input (for example, values derived from the URL or page fragment) and inserts it into the DOM via unsafe sinks...

CVSS 5.4 | EPSS 0.0023
Exploits: 1 | References: 1
OSV
added 2025/11/18 3:16 p.m. | 4 views

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVSS 7.5 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 2
NVD
added 2025/11/18 3:16 p.m. | 3 views

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVSS 7.5 | EPSS 0.00243
Exploits: 0 | References: 2
EUVD
added 2025/11/18 1:26 p.m. | 2 views

EUVD-2025-197999

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. The vendor was notified early...

CVSS 6.9 | AI score 6.2 | EPSS 0.00243
Exploits: 0 | References: 3
CNNVD
added 2025/11/18 12:00 a.m. | 3 views

Cinnamon kotaemon Security Vulnerability

Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which originates from storing plaintext passwords in client-side localStorage...

CVSS 7.5 | AI score 6.5 | EPSS 0.00372
Exploits: 1 | References: 5
CVE
added 2025/11/18 12:00 a.m. | 7 views

CVE-2025-56527

The CVE-2025-56527 entry concerns Kotaemon 0.11.0, where plaintext passwords are stored in the client's localStorage. The associated CVSS 3.1 score is 7.5 (HIGH) with an attack vector of Network, attack complexity Low, no privileges required, no user interaction, but with Confidentiality Impac...

CVSS 7.5 | AI score 6.7 | EPSS 0.00372
Exploits: 1 | References: 5 | Affected Software: 1
CNNVD
added 2025/11/18 12:00 a.m. | 2 views

Windu CMS Security Vulnerability

Windu CMS is a lightweight web content management system (CMS) from Windu. A security vulnerability exists in Windu CMS version 4.1, which stems from insufficient client-side brute force protection and could lead to brute force attacks...

CVSS 7.5 | AI score 6.3 | EPSS 0.00243
Exploits: 0 | References: 3