
199 matches found

Vulnrichment
added last week, 5 views

CVE-2026-7047 Frontend User Notes <= 2.1.1 - Cross-Site Request Forgery to Note Content Modification via 'confirmEdit' Action

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...

CVSS 4.3, AI score 5.3, EPSS 0.00016
Exploits: 0, References: 6

Patchstack
added last week, 5 views

WordPress Frontend User Notes plugin <= 2.1.1 - Cross-Site Request Forgery to Note Content Modification vulnerability

Cross-Site Request Forgery to Note Content Modification vulnerability discovered by Mohamed Wajih Hichri Assaults - TEK-UP in WordPress Plugin Frontend User Notes versions <= 2.1.1...

CVSS 4.3, AI score 5.5, EPSS 0.00016
Exploits: 0, References: 1, Affected Software: 1

Fedora
added 2026/05/29 1:13 a.m., 8 views

[SECURITY] Fedora 44 Update: podofo-1.0.4-1.fc44

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF (Portable Document Format). A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

CVSS 2.5, AI score 5.8, EPSS 0.00014
Exploits: 0

Positive Technologies
added 2026/05/14 12:0 a.m., 8 views

PT-2026-40898

Name of the Vulnerable Software and Affected Versions: InfusedWoo Pro versions prior to 5.1.3. Description: The InfusedWoo Pro plugin for WordPress contains an authorization bypass issue because it fails to properly verify if a user is authorized to perform specific actions. This allows...

CVSS 9.1, AI score 5.9, EPSS 0.00093
Exploits: 0, References: 5

Vulnrichment
added 2026/05/13 5:29 a.m., 6 views

CVE-2026-6965 Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

CVSS 5.3, AI score 5.7, EPSS 0.00081
Exploits: 0, References: 53

Patchstack
added 2026/05/04 7:57 p.m., 10 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification vulnerability

Missing Authorization to Authenticated Contributor+ Limited Page Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin User Registration versions <= 5.1.4...

CVSS 4.3, AI score 5.8, EPSS 0.00041
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/04/12 11:23 p.m., 3 views

WordPress Tutor LMS plugin <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin Tutor LMS versions <= 3.9.7...

CVSS 4.3, AI score 5.8, EPSS 0.00012
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2026/04/07 12:0 a.m., 3 views

OrangeHRM authorization issue vulnerability

OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained an authorization...

CVSS 5.1, AI score 5.8, EPSS 0.00037
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:9 a.m., 4 views

CVE-2019-11786

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...

CVSS 4.3, AI score 6.7, EPSS 0.00147
Exploits: 0, References: 1

Cvelist
added 2026/01/09 12:0 a.m., 20 views

CVE-2025-67282

In TIM BPM Suite/TIM FLOW through 9.1.2, multiple Authorization Bypass vulnerabilities exist which allow a low-privileged user to download password hashes of other users, access work items of other users, modify restricted content in workflows, modify the application's logo and manipulate the profi...

EPSS 0.0001
Exploits: 0, References: 2

CVE
added 2026/01/09 12:0 a.m., 8 views

CVE-2025-67282

TIM BPM Suite/TIM FLOW (through version 9.1.2) contains multiple Authorization Bypass vulnerabilities that permit a low-privilege user to: download other users’ password hashes, access other users’ work items, modify restricted workflow content, alter the application logo, and manipulate other us...

CVSS 5.4, AI score 6.6, EPSS 0.0001
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/01/06 4:15 p.m., 3 views

CVE-2020-36924

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modif...

CVSS 6.1, AI score 5.9, EPSS 0.00075
Exploits: 2, References: 9

NVD
added 2026/01/06 4:15 p.m., 2 views

CVE-2020-36924

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modif...

CVSS 6.1, EPSS 0.00075
Exploits: 2, References: 9

CNNVD
added 2026/01/06 12:0 a.m., 2 views

Sony BRAVIA Digital Signage security vulnerability

Sony BRAVIA Digital Signage is a digital signage system from Sony, Japan. A security vulnerability exists in Sony BRAVIA Digital Signage version 1.7.8, which originates from a remote file inclusion vulnerability in the URL parameter of the content material, which could lead to the hijacking of a...

CVSS 6.1, AI score 6.2, EPSS 0.00075
Exploits: 2, References: 9

Veracode
added 2025/12/13 4:54 a.m., 3 views

Improper Access Control

Liferay Portal is vulnerable to improper access control. The vulnerability is due to APIs not restricting access before a user verifies their email address, which allows a remote attacker to access and modify content through the API without proper verification...

CVSS 6.9, AI score 5.9, EPSS 0.00057
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2025/12/11 4:16 p.m., 3 views

CVE-2025-59803

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the...

CVSS 5.3, AI score 5.9, EPSS 0.00021
Exploits: 0, References: 1

Snyk
added 2025/10/28 12:31 a.m., 1 view

Missing Authentication for Critical Function

Overview: com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Missing Authentication for Critical Function that allows users to access and modify content by interacting with certain APIs before email verification is...

CVSS 6.9, AI score 6.8, EPSS 0.00057
Exploits: 0, References: 2

Veracode
added 2025/10/27 8:1 a.m., 4 views

Improper Access Control

com.liferay.portal, release.portal.bom is vulnerable to improper access control. The vulnerability is due to the failure to restrict API access before a user changes their initial password, which allows an attacker to remotely access and modify content via the API...

CVSS 6.9, AI score 6.6, EPSS 0.00073
Exploits: 0, References: 3, Affected Software: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-5201

Malware in sbrugna...

CVSS 9.1, AI score 9, EPSS 0.00369
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-3193

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.04826
Exploits: 1, References: 6