GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.8.9, 18.9.5...

BIT-DISCOURSE-2026-32143 Discourse: Admin-only report can be exported by moderators

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could expose sensitive operational data intended only for...

CVE-2025-10731

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

WordPress ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export vulnerability

WordPress ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin = 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export vulnerability discovered by abrahack in WordPress Plugin ReviewX versions = 2.2.12...

EUVD-2025-208926

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

CVE-2025-10731 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

CVE-2025-10731

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is affected up to version 2.2.12. The vulnerability is a SENSITIVE INFORMATION EXPOSURE via the allReminderSettings function, allowing unauthenticated attackers to ob...

CVE-2025-10731 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

📄 Webb Fontaine Trade Portal Information Disclosure

A security vulnerability was identified in the Webb Fontaine Trade Portal affecting the codification module /trade/help/codification. The issue allows unauthorized users to trigger data export functionality via the /export/excel endpoint without proper validation of session state or user...

PT-2026-27048

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

EUVD-2026-12378

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/administracion/adminusuarios.cgi?filtroestado=T&wAccion=listadoxlsx&wBuscar=&wFiltrar=&wOrden=altausuario&widcursoActual=ID' where the data of users enrolled in the course is exported. Successfu...

CVE-2026-3110

CVE-2026-3110 describes an insecure direct object reference (IDOR) in Campus Educativa. An unauthenticated attacker can access user data by exploiting the endpoint /administracion/admin_usuarios.cgi?filtro_estado=T&wAccion=listado_xlsx&wBuscar=&wFiltrar=&wOrden=alta_usuario&wid_cursoActual=[ID], ...

CVE-2026-1867

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

EUVD-2026-11086

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

CVE-2026-1867

The CVE concerns the WordPress plugin Guest posting / Frontend Posting / Front Editor, vulnerable before version 5.0.6. An unauthenticated attacker can trigger export of all form data/settings (including the administrator’s email) by passing a URL parameter to regenerate a .json file derived from...

CVE-2026-1867

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

WordPress plugin Guest posting / Frontend Posting / Front Editor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

MAL-2026-1255 Malicious code in pearpass-lib-data-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd09913040448b75ce4023605c2191efccf04f01c8e894d4044e8ee3a04fa67c The package pearpass-lib-data-export was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview pearpass-lib-data-export is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

PT-2026-21826

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...