648 matches found
CVE-2023-53701
...
CVE-2025-10849
The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...
EUVD-2025-34822
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2025-62425
MAS (Matrix Authentication Service) is affected by a logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 that lets an attacker with access to an authenticated MAS session perform sensitive operations without entering the current password (e.g., changing the password, adding/removing ...
CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
Insufficient Session Expiration
Overview: @strapi/admin is a Strapi Admin. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate JWT after logout or account deactivation. An attacker can maintain unauthorized access by reusing a stolen or intercepted token until it...
CVE-2025-10849 Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions
The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...
Strapi Code Issue Vulnerability
Strapi is an open source content management system (CMS) from the French Strapi community. A code issue vulnerability exists in Strapi versions prior to 5.24.1, which stems from the failure to invalidate the JWT after logging out or deactivating an account and the presence of the /admin/renew-token...
EUVD-2025-33842
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...
CVE-2025-8606
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...
CVE-2025-8606 GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...
PT-2025-41678
Name of the Vulnerable Software and Affected Versions: GSheetConnector For Gravity Forms plugin for WordPress versions prior to 1.3.24. Description: The software is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the activate plugin and deactivate plugin functions. Th...
EUVD-2019-11413
Malware in sbrugna...
EUVD-2015-8142
Malware in sbrugna...
EUVD-2019-11879
Malware in sbrugna...
EUVD-2013-3383
Malware in sbrugna...
EUVD-2012-2389
Malware in sbrugna...
EUVD-2021-11818
Malware in sbrugna...