30 matches found
WordPress plugin ProfileGrid – User Profiles, Groups and Communities Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-23816
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pg delete msg function in all versions up to, and including, 5.9.8.1. This is due to the function not verifying that the requesting...
GHSA-C5CP-VX83-JHQX Langflow Missing Authentication on Critical API Endpoints
Summary Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal dat...
EUVD-2006-6724
Malware in sbrugna...
EUVD-2006-3554
Malware in sbrugna...
EUVD-2024-16630
Malicious code in bioql PyPI...
PT-2025-32857
Name of the Vulnerable Software and Affected Versions: Microsoft Teams versions prior to 25122.1415.3698.6812 Description: A heap-based buffer overflow exists in Microsoft Teams, potentially allowing an unauthorized attacker to execute code over a network. Exploitation may involve malicious links...
CVE-2011-1104
Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare EVM allow remote attackers to hijack the authentication of arbitrary users for requests that (1) change a PIN, (2) delete messages, (3) add a delivery address, or (4) change a delivery address...
CVE-2024-0847
CVE-2024-0847 affects the 5280 Bootstrap Modal Contact Form plugin for WordPress. The root cause is missing/incorrect nonce validation in class-sbmm-list-table.php, enabling CSRF to bulk delete messages by unauthenticated attackers if they can trick an admin into performing an action (e.g., click...
CVE-2023-4023
The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger...
WordPress plugin All Users Messenger Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-23720 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.7 Description: The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard o...
Rocket.Chat Authorization Issue Vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an authorization issue vulnerability. An attacker could use this vulnerability to bypass authentication and delete user messages...
SUSE CVE-2007-1841
The isakmpinforecv function in src/racoon/isakmpinf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE ISAKMPNPTYPED and (2) NOTIFY ISAKMPNPTYPEN messages...
WordPress Simple Ajax Chat plugin Cross-Site Request Forgery Vulnerability
WordPress is a product of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Simple Ajax Chat plugin has a cross-site request forgery vulnerability, whic...
WordPress plugin Simple Ajax Chat Cross-Site Request Forgery Vulnerability
WordPress is a product of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Simple Ajax Chat plugin has a cross-site request forgery vulnerability, whic...
PHPFusion Cross-Site Request Forgery Vulnerability
PHPFusion is a lightweight open source content management system. PHPFusion 9.03.90 suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to delete all shoutbox messages on behalf of a logged-in victim...
Phpfusion Cross-Site Request Forgery Vulnerability
PHPFusion is a lightweight open source content management system. PHPFusion 9.03.90 suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to delete all shoutbox messages on behalf of a logged-in victim...
Kindred Group: [unibet.com] Delete messages via IDOR at /mom-api/messages/unibet_█████████@unibet/
==Below is the original, partially-redacted report== --------- Description: Hey team, I found an endpoint which is vulnerable to IDOR by which I can delete messages of any user without their interaction at all. But sadly I can't reproduce this issue for the time being as I don't have any spare...
Design/Logic Flaw
The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of...