CVE-2025-14720 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

CVE-2025-14720

CVE-2025-14720 : Booking for Appointments and Events Calendar – Amelia (WordPress) is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to 1.2.38. Unauthenticated attackers can mark payments as refunded, trigger sending of queued notifi...

CVE-2025-14720 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

PT-2026-1751

Name of the Vulnerable Software and Affected Versions Amelia plugin for WordPress versions up to and including 1.2.38 Description The Amelia plugin for WordPress is susceptible to unauthorized access because of absent capability checks on several AJAX actions. This allows unauthenticated attacker...

Sitecore Debug Page Detected

Sitecore is a popular web content management system WCMS used for building and managing websites. When the debug page is accessible, it can expose sensitive information about the application's configuration, environment, and code structure. This information can be exploited by attackers to identi...

Amazon Linux 2023 : ansible (ALAS2023-2025-1330)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1330 advisory. A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when runni...

CVE-2019-16272

On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge adb enablement...

CVE-2025-1479

An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000269)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000269 advisory. An issue was discovered in drivers/scsi/qedi/qedidbg.c in the Linux kernel before 5.1.12. In the qedidbg family of functions, there is an out-of-bounds read. Tenable...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000484 advisory. A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters pass...

Symfony Conflicting Headers Information Disclosure

The remote web application is using Symfony, a PHP framework. It is affected by an information disclosure vulnerability arising from conflicting proxy headers. When both 'Forwarded' and 'X-Forwarded-' headers are present in a request, a misconfiguration in Symfony's trusted proxy settings can...

CVE-2020-36921

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...

PT-2026-1454

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the /v1/users/image and /v1/sys/debug endpoints. An attacker can retrieve sensitive configuration files, system debug information, and enumerate file existence by sending crafted requests to these endpoints...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the /v1/users/image and /v1/sys/debug endpoints. An attacker can retrieve sensitive configuration files, system debug information, and enumerate file existence by sending crafted requests to these endpoints...

Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks

The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy...

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

CVE-2025-34171 CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

CVE-2025-48768

Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fsinoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger that is disabled by default, NULL pointer dereference handled differently depending on the targ...