
2352 matches found

RedhatCVE · added 2025/06/09 12:1 a.m. · 15 views

CVE-2024-55585

In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...

CVSS 9 · AI score 7.2 · EPSS 0.00344 · Exploits 0 · References 1
Positive Technologies · added 2025/06/07 12:0 a.m. · 7 views

PT-2025-24334 · WordPress · The Profiler – What Slowing Down Your Wp

Name of the Vulnerable Software and Affected Versions: The Profiler – What Slowing Down Your WP plugin for WordPress versions prior to 1.0.1 Description: The issue is related to a missing capability check on the wpsd plugin control function, allowing unauthorized modification of data. This makes ...

CVSS 5.3 · AI score 6.3 · EPSS 0.00226 · Exploits 0 · References 6
Talos Blog · added 2025/06/05 6:0 p.m. · 9 views

Everyone's on the cyber target list

Welcome to this week's edition of the Threat Source newsletter. I've discovered that being a rent guarantor for someone is an involved experience. While I'm glad that I can help out a loved one secure a better rental property, the process of verifying my identity and ability to cover any missed...

CVSS 8.8 · AI score 9 · EPSS 0.06463 · Exploits 3
Github Security Blog · added 2025/06/05 6:30 a.m. · 14 views

llama_index vulnerable to SQL Injection

Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...

CVSS 9.8 · AI score 7.9 · EPSS 0.00581 · Exploits 1 · References 4 · Affected Software 1
OSV · added 2025/06/05 6:30 a.m. · 3 views

GHSA-V3C8-3PR6-GR7P llama_index vulnerable to SQL Injection

Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...

CVSS 9.8 · AI score 8.2 · EPSS 0.00581 · Exploits 1 · References 4
IBM Security Bulletins · added 2025/06/01 11:30 p.m. · 44 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol...

CVSS 9.8 · AI score 8.4 · EPSS 0.93305 · Exploits 7 · Affected Software 1
NVD · added 2025/05/30 4:15 p.m. · 10 views

CVE-2024-23589

Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs...

CVSS 6.8 · EPSS 0.00138 · Exploits 0 · References 1
Vulnrichment · added 2025/05/30 3:36 p.m. · 10 views

CVE-2024-23589 HCL Glovius Cloud is susceptible to an Outdated Hash Algorithm vulnerability

Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs...

CVSS 6.8 · AI score 7.1 · EPSS 0.00138 · Exploits 0 · References 1
Vulnrichment · added 2025/05/30 4:58 a.m. · 9 views

CVE-2025-48483 FreeScout Stored XSS leads to CSRF

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitization. An attacker can inject arbitrary HTML...

CVSS 6.3 · AI score 6.2 · EPSS 0.00131 · Exploits 1 · References 1
Positive Technologies · added 2025/05/30 12:0 a.m. · 3 views

PT-2025-23234 · Unknown · Tinxy Wifi Lock Controller

Name of the Vulnerable Software and Affected Versions: Tinxy WiFi Lock Controller version v1 RF Description: The issue concerns the storage of sensitive user information, including credentials and mobile phone numbers, in plaintext. Recommendations: For Tinxy WiFi Lock Controller version v1 RF,...

CVSS 7.5 · AI score 6.2 · EPSS 0.00205 · Exploits 0 · References 9
NVD · added 2025/05/29 6:15 p.m. · 7 views

CVE-2025-46823

openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not...

CVSS 9.3 · EPSS 0.00317 · Exploits 0 · References 2
NVD · added 2025/05/29 5:15 p.m. · 9 views

CVE-2025-48475

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the...

CVSS 8.1 · EPSS 0.00337 · Exploits 1 · References 2
NVD · added 2025/05/28 6:15 p.m. · 12 views

CVE-2025-48749

Netwrix Directory Manager formerly Imanami GroupID v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data...

CVSS 9.1 · EPSS 0.00375 · Exploits 0 · References 2
OSV · added 2025/05/27 9:15 p.m. · 2 views

CVE-2025-5281

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. Chromium security severity: Medium...

CVSS 5.4 · AI score 6.1 · Exploits 0 · References 2
Positive Technologies · added 2025/05/26 12:0 a.m. · 3 views

PT-2025-22891 · Be Tech · Be-Tech Mifare Classic

Name of the Vulnerable Software and Affected Versions: Be-Tech Mifare Classic card systems affected versions not specified Description: The data stored in the Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a...

CVSS 6.8 · AI score 6.1 · EPSS 0.00124 · Exploits 0 · References 6
Wiz blog · added 2025/05/23 12:0 p.m. · 12 views

The ROI of DSPM: Why Data Security Posture Management Is a Business Imperative

See how Data Security Posture Management DSPM delivers measurable impact across risk reduction, compliance, and operational efficiency...

AI score 7.3 · Exploits 0
RedhatCVE · added 2025/05/23 9:59 a.m. · 6 views

CVE-2024-1158

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and including,...

CVSS 4.3 · AI score 6.6 · EPSS 0.00507 · Exploits 0 · References 1
RedhatCVE · added 2025/05/23 9:58 a.m. · 5 views

CVE-2024-1645

The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export...

CVSS 4.3 · AI score 6.5 · EPSS 0.00455 · Exploits 0 · References 1
RedhatCVE · added 2025/05/23 9:47 a.m. · 6 views

CVE-2024-34687

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, includin...

CVSS 6.5 · AI score 6.4 · EPSS 0.00402 · Exploits 0 · References 1
RedhatCVE · added 2025/05/23 9:36 a.m. · 19 views

CVE-2024-20986

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server...

CVSS 6.1 · AI score 6.3 · EPSS 0.00203 · Exploits 0 · References 1