
5526 matches found

Vulnrichment
added 2025/10/25 1:45 a.m. | 12 views

CVE-2025-11760 eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated Sensitive Information Exposure

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting vie...

CVSS 5.3 | AI score 5.2 | EPSS 0.00262
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/25 12:0 a.m. | 12 views

PT-2025-43694

Name of the Vulnerable Software and Affected Versions: eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions through 1.5.6. Description: The eRoom plugin for WordPress exposes Zoom SDK secret keys in client-side JavaScript within the meeting view template. This allows...

CVSS 5.3 | AI score 6.5 | EPSS 0.00262
Exploits: 0 | References: 8

RedhatCVE
added 2025/10/24 4:9 a.m. | 5 views

CVE-2025-41402

Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...

CVSS 5.5 | AI score 6.8 | EPSS 0.00126
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/23 3:38 a.m. | 2 views

CVE-2025-41402

Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...

CVSS 5.5 | AI score 6.5 | EPSS 0.00126
Exploits: 0 | References: 1

Cvelist
added 2025/10/23 3:38 a.m. | 6 views

CVE-2025-41402

Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...

CVSS 5.5 | EPSS 0.00126
Exploits: 0 | References: 1

Snyk
added 2025/10/22 3:51 p.m. | 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of reserved data attributes in the Sanitizer::validateAttributes function. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious scripts...

CVSS 3.7 | AI score 5.5 | EPSS 0.00267
Exploits: 0 | References: 2

EUVD
added 2025/10/22 3:31 p.m. | 3 views

EUVD-2025-35535

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows DOM-Based XSS. This issue affects Seriously Simple Podcasting: from n/a through = 3.11.1...

AI score 5.9 | EPSS 0.00205
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/22 12:11 a.m. | 7 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

CVSS 5.1 | AI score 6.7 | EPSS 0.00242
Exploits: 2 | References: 1

OSV
added 2025/10/21 7:21 p.m. | 3 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

CVSS 5.1 | AI score 5.8 | EPSS 0.00242
Exploits: 2 | References: 2

NVD
added 2025/10/21 7:21 p.m. | 4 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

CVSS 5.1 | EPSS 0.00242
Exploits: 2 | References: 2

Cvelist
added 2025/10/21 12:0 a.m. | 9 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

EPSS 0.00242
Exploits: 2 | References: 2

Packet Storm News
added 2025/10/21 12:0 a.m. | 2 views

Censorship Chokepoints: New Battlegrounds for Regional Surveillance, Censorship and Influence on the Internet

Undoubtedly, the Internet has become one of the most important conduits to information for the general public. Nonetheless, Internet access can be and has been limited systematically or blocked completely during political events in numerous countries and regions by various censorship mechanisms...

AI score 6.7
Exploits: 0

EUVD
added 2025/10/21 12:0 a.m. | 3 views

EUVD-2025-35227

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

CVSS 5.1 | AI score 6.2 | EPSS 0.00242
Exploits: 2 | References: 2

Vulnrichment
added 2025/10/21 12:0 a.m. | 10 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

AI score 6.3 | EPSS 0.00242
Exploits: 2 | References: 2

RedhatCVE
added 2025/10/20 6:23 p.m. | 3 views

CVE-2025-62649

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders...

CVSS 5.8 | AI score 7.1 | EPSS 0.00488
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/20 6:23 p.m. | 4 views

CVE-2025-62650

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...

CVSS 9.9 | AI score 7.1 | EPSS 0.00479
Exploits: 0 | References: 1

GithubExploit
added 2025/10/18 3:18 p.m. | 187 views

Exploit for CVE-2025-56800

CVE-2025-56800 Local Authentication Bypass Vulnerability i...

AI score 7.2 | EPSS 0.00242
Exploits: 2

OSV
added 2025/10/17 9:15 p.m. | 1 view

CVE-2025-62649

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders...

CVSS 5.8 | AI score 5.8
Exploits: 0 | References: 5

NVD
added 2025/10/17 9:15 p.m. | 3 views

CVE-2025-62649

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders...

CVSS 5.8 | EPSS 0.00488
Exploits: 1 | References: 5

NVD
added 2025/10/17 9:15 p.m. | 4 views

CVE-2025-62650

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...

CVSS 9.9 | EPSS 0.00479
Exploits: 0 | References: 5